Golioth Firmware SDK version 0.10.0 prior to 0.22.0,...
Moderate severity
Unreviewed
Published
Feb 26, 2026
to the GitHub Advisory Database
•
Updated Feb 27, 2026
Description
Published by the National Vulnerability Database
Feb 26, 2026
Published to the GitHub Advisory Database
Feb 26, 2026
Last updated
Feb 27, 2026
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from on_payload, and golioth_payload_is_null() does not block payload_size==1. A malicious server or MITM can trigger a denial of service.
References