CVE-2024-32673

Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Samsung/walrus/pull/241

Configurations

No configuration.

History

16 Aug 2024, 07:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

03 Jul 2024, 12:53

Type	Values Removed	Values Added
Summary		(es) La validación inadecuada de la vulnerabilidad del índice de matriz en el motor de ejecución de Samsung Open Source Walrus Webassembly permite un problema de falla de segmentación. Este problema afecta a Walrus: antes de 72c7230f32a0b791355bbdfc78669701024b0956.

03 Jul 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-03 02:15

Updated : 2024-08-16 07:15

NVD link : CVE-2024-32673

Mitre link : CVE-2024-32673

CVE.ORG link : CVE-2024-32673

JSON object : View

Products Affected

No product.

CWE

CWE-129

Improper Validation of Array Index

{"id": "CVE-2024-32673", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.7, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-03T02:15:10.297", "references": [{"url": "https://github.com/Samsung/walrus/pull/241", "source": "PSIRT@samsung.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "PSIRT@samsung.com", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956."}, {"lang": "es", "value": "La validaci\u00f3n inadecuada de la vulnerabilidad del \u00edndice de matriz en el motor de ejecuci\u00f3n de Samsung Open Source Walrus Webassembly permite un problema de falla de segmentaci\u00f3n. Este problema afecta a Walrus: antes de 72c7230f32a0b791355bbdfc78669701024b0956."}], "lastModified": "2024-08-16T07:15:03.693", "sourceIdentifier": "PSIRT@samsung.com"}