2 matches found
CVE-2018-3912
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128...
CVE-2018-3912
CVE-2018-3912 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The video-core HTTP server copies database fields from shard into a stack-allocated structure using strcpy without length checks, enabling stack-based buffer overflows (secretKey, plus other fields with varying sizes). An...