CVE-2022-40278
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
29/09/2022
Last modified:
30/09/2022
Description
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:samsung:tizenrt:1.0:m1:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:tizenrt:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:tizenrt:2.0:gbm_m1:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:tizenrt:2.0:m2:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:tizenrt:3.0:gbm:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:tizenrt:3.1:pre:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103
- https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107
- https://github.com/Samsung/TizenRT/issues/5628
- https://www.sqlite.org/c3ref/exec.html