An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
References
Link | Resource |
---|---|
https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103 | Exploit Third Party Advisory |
https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107 | Exploit Third Party Advisory |
https://github.com/Samsung/TizenRT/issues/5628 | Issue Tracking Third Party Advisory |
https://www.sqlite.org/c3ref/exec.html | Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Sep 2022, 20:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Samsung
Samsung tizenrt |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-416 | |
References | (MISC) https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/Samsung/TizenRT/issues/5628 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/c3ref/exec.html - Technical Description, Third Party Advisory | |
References | (MISC) https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:o:samsung:tizenrt:2.0:gbm_m1:*:*:*:*:*:* cpe:2.3:o:samsung:tizenrt:1.0:m1:*:*:*:*:*:* cpe:2.3:o:samsung:tizenrt:1.1:*:*:*:*:*:*:* cpe:2.3:o:samsung:tizenrt:2.0:m2:*:*:*:*:*:* cpe:2.3:o:samsung:tizenrt:3.1:pre:*:*:*:*:*:* cpe:2.3:o:samsung:tizenrt:3.0:gbm:*:*:*:*:*:* |
29 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-29 03:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40278
Mitre link : CVE-2022-40278
CVE.ORG link : CVE-2022-40278
JSON object : View
Products Affected
samsung
- tizenrt
CWE
CWE-416
Use After Free