CVE-2026-23750HIGH 8.1EPSS p5.1%

CVE-2026-23750CVE-2026-23750

Description

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS0.16% probability of exploitation · percentile 5.1% · 2026-06-18T12:00:27Z
Published2026-02-26
Last modified2026-04-15

Underlying weaknesses· 1

CWE-122

References

  1. https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/
  2. https://github.com/golioth/pouch/commit/1b2219a1
  3. https://secmate.dev/disclosures/SECMATE-2025-0018
  4. https://www.vulncheck.com/advisories/golioth-pouch-ble-gatt-heap-based-buffer-overflow

1

TypeTargetConfidenceTier
WeaknessHeap-based Buffer Overflowcwe-1220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-5068
CVE
CVE-2026-5589
CVE
CVE-2026-33846
CVE
CVE-2025-32990
CVE
CVE-2024-23775
CVE
CVE-2026-2646
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.