CVE-2022-40278
https://notcve.org/view.php?id=CVE-2022-40278
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. • https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103 https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107 https://github.com/Samsung/TizenRT/issues/5628 https://www.sqlite.org/c3ref/exec.html • CWE-416: Use After Free
CVE-2022-40279
https://notcve.org/view.php?id=CVE-2022-40279
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). • https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181 https://github.com/Samsung/TizenRT/issues/5629 https://linux.die.net/man/3/pcap_dispatch • CWE-252: Unchecked Return Value
CVE-2022-40281
https://notcve.org/view.php?id=CVE-2022-40281
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. • https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/curl/vtls/cyassl.c#L545 https://github.com/Samsung/TizenRT/issues/5626 https://www.openssl.org/docs/man1.1.1/man3/SSL_get_peer_certificate.html • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2022-39828
https://notcve.org/view.php?id=CVE-2022-39828
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. • https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/fwinfogen.c#L193 https://github.com/Samsung/mTower/issues/76 https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_private_key.html
CVE-2022-39829
https://notcve.org/view.php?id=CVE-2022-39829
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. • https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/ecdsa_keygen.c#L135 https://github.com/Samsung/mTower/issues/75 https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html • CWE-476: NULL Pointer Dereference