Lucene search

[email protected]CVE-2022-39830

HistorySep 05, 2022 - 4:15 a.m.

CVE-2022-39830

2022-09-0504:15:08

[email protected]

web.nvd.nist.gov

samsung

mtower

cve-2022-39830

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.2%

JSON

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

Affected configurations

NVD

Node

samsungmtowerRange≤0.3.0

CPENameOperatorVersion
samsung:mtowersamsung mtowerle0.3.0

CPE	Name	Operator	Version
samsung:mtower	samsung mtower	le	0.3.0

References

github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/fwinfogen.c#L194

github.com/Samsung/mTower/issues/77

www.openssl.org/docs/manmaster/man3/EC_KEY_set_public_key_affine_coordinates.html

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2022-39830

cvelist1 osv1 prion1 nvd1