{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2026-07-03T18:47:54.038",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2026-23749",
        "sourceIdentifier": "disclosure@vulncheck.com",
        "published": "2026-02-26T18:23:06.763",
        "lastModified": "2026-06-17T10:22:02.733",
        "vulnStatus": "Deferred",
        "cveTags": [],
        "descriptions": [
          {
            "lang": "en",
            "value": "Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default)."
          },
          {
            "lang": "es",
            "value": "Golioth Firmware SDK versión 0.19.1 anterior a la 0.22.0, corregido en el commit 0e788217, contiene una lectura fuera de límites debido a una terminación nula incorrecta de una ruta de transferencia por bloques. blockwise_transfer_init() acepta una ruta cuya longitud es igual a CONFIG_GOLIOTH_COAP_MAX_PATH_LEN y la copia usando strncpy() sin garantizar un byte NUL final, dejando ctx->path sin terminar. Un strlen() posterior en este búfer (en golioth_coap_client_get_internal()) puede leer más allá del final de la asignación, lo que resulta en un fallo/denegación de servicio. La entrada es controlada por la aplicación (no por la red por defecto)."
          }
        ],
        "affected": [
          {
            "source": "disclosure@vulncheck.com",
            "affectedData": [
              {
                "vendor": "Golioth",
                "product": "Firmware SDK",
                "defaultStatus": "unaffected",
                "repo": "https://github.com/golioth/golioth-firmware-sdk",
                "versions": [
                  {
                    "version": "0.19.1",
                    "lessThan": "0.22.0",
                    "versionType": "semver",
                    "status": "affected"
                  },
                  {
                    "version": "0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d",
                    "versionType": "git",
                    "status": "unaffected"
                  }
                ]
              }
            ]
          }
        ],
        "metrics": {
          "cvssMetricV40": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "cvssData": {
                "version": "4.0",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "attackVector": "LOCAL",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "subAvailabilityImpact": "NONE",
                "exploitMaturity": "NOT_DEFINED",
                "confidentialityRequirement": "NOT_DEFINED",
                "integrityRequirement": "NOT_DEFINED",
                "availabilityRequirement": "NOT_DEFINED",
                "modifiedAttackVector": "NOT_DEFINED",
                "modifiedAttackComplexity": "NOT_DEFINED",
                "modifiedAttackRequirements": "NOT_DEFINED",
                "modifiedPrivilegesRequired": "NOT_DEFINED",
                "modifiedUserInteraction": "NOT_DEFINED",
                "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
                "modifiedVulnIntegrityImpact": "NOT_DEFINED",
                "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
                "modifiedSubConfidentialityImpact": "NOT_DEFINED",
                "modifiedSubIntegrityImpact": "NOT_DEFINED",
                "modifiedSubAvailabilityImpact": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "valueDensity": "NOT_DEFINED",
                "vulnerabilityResponseEffort": "NOT_DEFINED",
                "providerUrgency": "NOT_DEFINED"
              }
            }
          ],
          "cvssMetricV31": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "attackVector": "LOCAL",
                "attackComplexity": "HIGH",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "LOW"
              },
              "exploitabilityScore": 1.4,
              "impactScore": 1.4
            }
          ],
          "ssvcV203": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "ssvcData": {
                "timestamp": "2026-02-27T17:55:58.632725Z",
                "id": "CVE-2026-23749",
                "options": [
                  {"exploitation": "poc"},
                  {"automatable": "no"},
                  {"technicalImpact": "partial"}
                ],
                "role": "CISA Coordinator",
                "version": "2.0.3"
              }
            }
          ]
        },
        "weaknesses": [
          {
            "source": "disclosure@vulncheck.com",
            "type": "Secondary",
            "description": [
              {"lang": "en", "value": "CWE-170"}
            ]
          }
        ],
        "references": [
          {"url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/", "source": "disclosure@vulncheck.com"},
          {"url": "https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d", "source": "disclosure@vulncheck.com"},
          {"url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0", "source": "disclosure@vulncheck.com"},
          {"url": "https://secmate.dev/disclosures/SECMATE-2025-0017", "source": "disclosure@vulncheck.com"},
          {"url": "https://www.vulncheck.com/advisories/golioth-firmware-sdk-blockwise-transfer-path-out-of-bounds-read", "source": "disclosure@vulncheck.com"}
        ]
      }
    }
  ]
}