CVE-2024-32671

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Samsung/escargot/pull/1359	Issue Tracking
https://github.com/Samsung/escargot/pull/1359	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:15

Type	Values Removed	Values Added
References	~~() https://github.com/Samsung/escargot/pull/1359 - Issue Tracking~~	() https://github.com/Samsung/escargot/pull/1359 - Issue Tracking

11 Sep 2024, 15:57

Type	Values Removed	Values Added
CPE		cpe:2.3:a:samsung:escargot:4.0.0:::::::*
First Time		Samsung Samsung escargot
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://github.com/Samsung/escargot/pull/1359 -~~	() https://github.com/Samsung/escargot/pull/1359 - Issue Tracking
CWE		CWE-787

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en el motor JavaScript Escargot de código abierto de Samsung permite desbordamiento de búfer. Este problema afecta a Escargot: 4.0.0.

29 Jul 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 03:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32671

Mitre link : CVE-2024-32671

CVE.ORG link : CVE-2024-32671

JSON object : View

Products Affected

samsung

escargot

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-32671", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-29T03:15:02.017", "references": [{"url": "https://github.com/Samsung/escargot/pull/1359", "tags": ["Issue Tracking"], "source": "PSIRT@samsung.com"}, {"url": "https://github.com/Samsung/escargot/pull/1359", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "PSIRT@samsung.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."}, {"lang": "es", "value": " La vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el motor JavaScript Escargot de c\u00f3digo abierto de Samsung permite desbordamiento de b\u00fafer. Este problema afecta a Escargot: 4.0.0."}], "lastModified": "2024-11-21T09:15:26.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF60791-B028-45C4-8BF5-57443F77ADE1"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@samsung.com"}