CVE-2018-3877
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long...
CVE-2018-3877
The advisory notes that CVE-2018-3877 affects Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17, where the credentials handler of video-core’s HTTP server copies JSON parameter values using strncpy into a 160-byte stack buffer. The source data (e.g., the directory field) is user controlled, an...