CVE-2022-39829

Опубликовано: 05 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

Ссылки

https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/ecdsa_keygen.c#L135
Exploit
Third Party Advisory
https://github.com/Samsung/mTower/issues/75
Exploit
Issue Tracking
Third Party Advisory
https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html
Third Party Advisory
https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/ecdsa_keygen.c#L135
Exploit
Third Party Advisory
https://github.com/Samsung/mTower/issues/75
Exploit
Issue Tracking
Third Party Advisory
https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samsung:mtower:*:*:*:*:*:*:*:*

Версия до 0.3.0 (включая)

EPSS

Процентиль: 61%

0.00418

Низкий

7.5 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

GHSA-m629-74r3-h6qq