6
CVE-2023-21500
- EPSS 0.02%
- Published 04.05.2023 21:15:10
- Last modified 21.11.2024 07:42:57
- Source mobile.security@samsung.com
- Teams watchlist Login
- Open Login
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
Data is provided by the National Vulnerability Database (NVD)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| mobile.security@samsung.com | 6 | 1.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.