Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read
Vulnerability Description
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不恰当的空终结符
Vulnerability Title
Golioth Firmware SDK 安全漏洞
Vulnerability Description
Golioth Firmware SDK是Golioth开源的一个软件开发工具包。 Golioth Firmware SDK 0.19.1至0.22.0之前版本存在安全漏洞,该漏洞源于分块传输路径未正确终止,可能导致越界读取和崩溃或拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A