2 matches found
CVE-2018-3904
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3904
CVE-2018-3904 is a buffer overflow in Samsung SmartThings Hub STH-ETH-250, triggered by user-controlled JSON in the video-core HTTP server when handling PATCH /cameras/ requests. The vulnerable code copies a parameter value (url or state) into a 512-byte stack buffer using memcpy with length deri...