7.5
CVE-2022-39828
- EPSS 1.07%
- Veröffentlicht 05.09.2022 04:15:08
- Zuletzt bearbeitet 21.11.2024 07:18:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.607 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/fwinfogen.c#L193
https://github.com/Samsung/mTower/issues/76
https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_private_key.html