2 matches found
CVE-2018-3917
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The...
CVE-2018-3917
CVE-2018-3917 (and related TALOS/CNA entries) affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The video-core HTTP server reads shard table fields (region among others) from SQLite and copies them with strcpy into fixed-size buffers, causing a stack-based buffer overflow when arbitra...