CVE-2024-32671

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Samsung/escargot/pull/1359	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*

History

11 Sep 2024, 15:57

Type	Values Removed	Values Added
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Samsung Samsung escargot
CPE		cpe:2.3:a:samsung:escargot:4.0.0:::::::*
References	~~() https://github.com/Samsung/escargot/pull/1359 -~~	() https://github.com/Samsung/escargot/pull/1359 - Issue Tracking

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en el motor JavaScript Escargot de código abierto de Samsung permite desbordamiento de búfer. Este problema afecta a Escargot: 4.0.0.

29 Jul 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 03:15

Updated : 2024-09-11 15:57

NVD link : CVE-2024-32671

Mitre link : CVE-2024-32671

CVE.ORG link : CVE-2024-32671

JSON object : View

Products Affected

samsung

escargot

CWE

CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2024-32671", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-29T03:15:02.017", "references": [{"url": "https://github.com/Samsung/escargot/pull/1359", "tags": ["Issue Tracking"], "source": "PSIRT@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "PSIRT@samsung.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."}, {"lang": "es", "value": " La vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el motor JavaScript Escargot de c\u00f3digo abierto de Samsung permite desbordamiento de b\u00fafer. Este problema afecta a Escargot: 4.0.0."}], "lastModified": "2024-09-11T15:57:55.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF60791-B028-45C4-8BF5-57443F77ADE1"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@samsung.com"}