Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow
Vulnerability Description
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Golioth Firmware SDK 安全漏洞
Vulnerability Description
Golioth Firmware SDK是Golioth开源的一个软件开发工具包。 Golioth Firmware SDK 0.10.0至0.22.0之前版本存在安全漏洞,该漏洞源于Payload Utils中存在基于栈的缓冲区溢出,可能导致崩溃或拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A