2 matches found
CVE-2018-3872
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer...
CVE-2018-3872
CVE-2018-3872 is a buffer overflow in Samsung SmartThings Hub video-core HTTP server (credentials handler). The vulnerability arises when user-controlled JSON payloads supply videoHostUrl; the server copies the parsed URI into a fixed-size stackBuffer without length checks, enabling stack-based o...