CVE-2018-3896 in SmartThings Hubinfo

Zusammenfassung

von MITRE

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Talos

Reservieren

01.01.2018

Veröffentlichung

10.09.2018

Moderieren

akzeptiert

Eintrag

VDB-123812

CPE

bereit

CWE

CWE-119 (bestätigt)

CVSS

8.8 (NVD)

EPSS

0.01534

KEV

nein

Aktivitäten

very low

Sektor

Education, Energy, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-3896
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-3896
CVE Details	https://www.cvedetails.com/cve/CVE-2018-3896/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!