VYPR

Golioth Firmware SDK

by Golioth

CVEs (3)

  • CVE-2026-23748 | Low | Feb 26, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    Golioth Firmware SDK versions from 0.10.0 up to, but not including, 0.22.0 (fixed in commit d7f55b38) contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to…

  • CVE-2026-23747 | Low | Feb 26, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    Golioth Firmware SDK versions from 0.10.0 up to, but not including, 0.22.0 (fixed in commit 48f521b) contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using…

  • CVE-2026-23749 | Low | Feb 26, 2026
    risk 0.19 | cvss 2.9 | epss 0.00

    Golioth Firmware SDK versions from 0.19.1 up to, but not including, 0.22.0 (fixed in commit 0e788217) contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies…