Denial of Service Vulnerability in Samsung mTower Versions
CVE-2022-39828

7.5HIGH

Key Information:

Vendor
Samsung
Status
Mtower
Vendor
CVE Published:
5 September 2022

Summary

The mTower product from Samsung, specifically version 0.3.0, contains a vulnerability due to a missing check on the return value of the EC_KEY_set_private_key function. This oversight can lead to a denial of service, potentially compromising the availability of the service and impacting user operations. It is crucial for users to be aware of this security issue and apply the necessary updates or mitigations to protect their systems.

References

https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_pr...
x_refsource_MISC
https://github.com/Samsung/mTower/issues/76
x_refsource_MISC
https://github.com/Samsung/mTower/blob/18f4b592a8a973ce59...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.