Golioth Firmware SDK LightDB State Out-of-Bounds Read Vulnerability
Vulnerability
A vulnerability exists in Golioth Firmware SDK versions 0.10.0 prior to 0.22.0, involving an out-of-bounds read during LightDB State string parsing. This issue arises when a string payload's size is less than 2, leading to a size_t underflow in the calculation of bytes to copy. The resulting memcpy() operation reads beyond the end of the network buffer, potentially crashing the device. This condition can be triggered by a malicious server or a man-in-the-middle (MITM) attacker, causing a denial-of-service effect.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to crash.
Reproduction
The vulnerability can be reproduced by sending a string payload with a size less than 2 bytes to the Golioth client. This can be done by a malicious server or through a man-in-the-middle attack, taking advantage of the fact that the 'golioth_payload_is_null()' function does not filter out payloads of size 1.
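To make the underflow concrete, the following is a constructed model of the parsing step, written for this page and not taken from the Golioth SDK: the function names, signatures, the quote-stripping arithmetic and the shape of the null check are assumptions. It places the vulnerable length calculation beside a hardened copy routine that rejects payloads shorter than two bytes before any subtraction.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed model of the null check: a payload is "null" when it is empty or
 * the literal JSON token. A 1-byte payload passes this check untouched. */
bool payload_is_null(const uint8_t *payload, size_t payload_size)
{
    return payload_size == 0
        || (payload_size == 4 && memcmp(payload, "null", 4) == 0);
}

/* Vulnerable shape (constructed): strip the surrounding quotes by computing
 * payload_size - 2 and bound the copy only by the destination. With
 * payload_size < 2 the subtraction wraps to near SIZE_MAX, the min() picks
 * out_size - 1, and a following memcpy() would read that many bytes from a
 * payload that is only 0 or 1 bytes long, running past the network buffer. */
size_t copy_len_vulnerable(size_t payload_size, size_t out_size)
{
    size_t inner = payload_size - 2;          /* size_t underflow here */
    return inner < out_size - 1 ? inner : out_size - 1;
}

/* Hardened version: reject anything too short to be a quoted string before
 * doing any arithmetic, and keep the copy bounded by both source and sink. */
bool lightdb_copy_string(const uint8_t *payload, size_t payload_size,
                         char *out, size_t out_size)
{
    if (out_size == 0 || payload_is_null(payload, payload_size)) {
        return false;
    }
    if (payload_size < 2 || payload[0] != '"'
        || payload[payload_size - 1] != '"') {
        return false;                         /* not a quoted JSON string */
    }
    size_t inner = payload_size - 2;          /* cannot wrap: payload_size >= 2 */
    size_t n = inner < out_size - 1 ? inner : out_size - 1;
    memcpy(out, payload + 1, n);              /* reads at most inner source bytes */
    out[n] = '\0';
    return true;
}
```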
Remediation
Users can upgrade to Golioth Firmware SDK version 0.22.0 or later to address this vulnerability.
