CVE-2023-41268 - OpenCVE

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Escargot

Configuration 1 [-]

OR	cpe:2.3:a:samsung:escargot:3.0.0:::::::*
	cpe:2.3:a:samsung:escargot:4.0.0:::::::*

References

Link	Resource
https://github.com/Samsung/escargot/pull/1260	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2023-12-06T03:46:16.110Z

Updated: 2023-12-14T09:24:10.303Z

Reserved: 2023-08-28T08:40:10.107Z

Link: CVE-2023-41268

JSON object: View

NVD Information

Status : Modified

Published: 2023-12-06T04:15:07.773

Modified: 2023-12-14T10:15:07.723

Link: CVE-2023-41268

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41268", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2023-08-28T08:40:10.107Z", "datePublished": "2023-12-06T03:46:16.110Z", "dateUpdated": "2023-12-14T09:24:10.303Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Escargot", "repo": "https://github.com/Samsung/escargot/", "vendor": "Samsung Open Source", "versions": [{"lessThanOrEqual": "4.0.0", "status": "affected", "version": "3.0.0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Android Sri"}], "datePublic": "2023-12-12T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. <p>This issue affects Escargot: from 3.0.0 through 4.0.0.</p>"}], "value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.\u00a0This issue affects Escargot: from 3.0.0 through 4.0.0.\n\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2023-12-14T09:24:10.303Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/Samsung/escargot/pull/1260"}], "source": {"discovery": "EXTERNAL"}, "title": "Possible stack overflow due to insufficient input validation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:escargot:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D34787CB-9119-48D9-AA02-81C04EAEECE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CF60791-B028-45C4-8BF5-57443F77ADE1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.\u00a0This issue affects Escargot: from 3.0.0 through 4.0.0.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Samsung Open Source Escargot permite un desbordamiento de pila y una falla de segmentaci\u00f3n. Este problema afecta a Escargot: desde 3.0.0 hasta 4.0.0."}], "id": "CVE-2023-41268", "lastModified": "2023-12-14T10:15:07.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2023-12-06T04:15:07.773", "references": [{"source": "PSIRT@samsung.com", "tags": ["Patch"], "url": "https://github.com/Samsung/escargot/pull/1260"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}