Key vulnerability information

Vulnerability title: Golioth Firmware SDK path unterminated.

A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).

CVSS v4 vector: AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Reference links:
SecMate Disclosure
Golioth Firmware SDK v0.22.0 Release Notes
Golioth Firmware SDK GitHub Patch Commit

Credit: SecMate (https://secmate.dev)

Other information: This vulnerability is CVE-2026-23749 in CVSS3.1, tagged CWE-170: Improper Null Termination.
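
The improper null termination pattern described above (a path copy that can leave its buffer without a '\0', followed by a length read that trusts the terminator), shown beside a checked copy and a bounded length helper. This is an added example, not code from the Golioth SDK or the advisory; PATH_BUF_LEN, all function names and the sample paths are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF_LEN 8 /* constructed size, not the SDK's real limit */

/* Flawed pattern (CWE-170): strncpy() writes no '\0' when src fills dst,
 * so a later strlen(dst) would run past the end of the buffer. */
static void copy_path_unterminated(char *dst, const char *src)
{
    strncpy(dst, src, PATH_BUF_LEN);
}

/* 1 if a '\0' lies inside buf[0..buf_len), else 0. Never reads past buf_len. */
static int path_is_terminated(const char *buf, size_t buf_len)
{
    return memchr(buf, '\0', buf_len) != NULL;
}

/* Bounded replacement for strlen(): returns buf_len if no terminator found. */
static size_t path_len_bounded(const char *buf, size_t buf_len)
{
    const char *nul = memchr(buf, '\0', buf_len);
    return nul ? (size_t)(nul - buf) : buf_len;
}

/* Hardened copy: reject paths that do not fit with their terminator.
 * Returns 0 on success, -1 if src is too long (dst is left untouched). */
static int copy_path_checked(char *dst, const char *src)
{
    size_t len = path_len_bounded(src, PATH_BUF_LEN);
    if (len >= PATH_BUF_LEN) {
        return -1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[PATH_BUF_LEN];
    copy_path_unterminated(buf, "/sensors"); /* constructed 8-byte path */
    printf("flawed copy terminated: %d\n", path_is_terminated(buf, sizeof buf));
    printf("checked copy of same path: %d\n", copy_path_checked(buf, "/sensors"));
    printf("checked copy of \"/led\": %d\n", copy_path_checked(buf, "/led"));
    return 0;
}
```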