Lucene search

[email protected]NVD:CVE-2022-40278

HistorySep 29, 2022 - 3:15 a.m.

CVE-2022-40278

2022-09-2903:15:15

CWE-416

[email protected]

web.nvd.nist.gov

samsung tizenrt

security issue

provisioningdatabasemanager

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

70.2%

JSON

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.

Affected configurations

NVD

Node

samsungtizenrtMatch1.0m1

samsungtizenrtMatch1.1

samsungtizenrtMatch2.0gbm_m1

samsungtizenrtMatch2.0m2

samsungtizenrtMatch3.0gbm

samsungtizenrtMatch3.1pre

References

github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103

github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107

github.com/Samsung/TizenRT/issues/5628

www.sqlite.org/c3ref/exec.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for NVD:CVE-2022-40278

cve1 cvelist1 prion1