Denial of Service Vulnerability in Samsung mTower Software
CVE-2022-39830

7.5HIGH

Key Information:

Vendor
Samsung
Status
Mtower
Vendor
CVE Published:
5 September 2022

Summary

The mTower software developed by Samsung contains a vulnerability due to a missing validation check in the method sign_pFwInfo. Specifically, when using the function EC_KEY_set_public_key_affine_coordinates, improper handling of the return value can escalate to a denial of service situation. This flaw affects the stability and reliability of the software, making it crucial for users to implement necessary security measures.

References

https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_pu...
x_refsource_MISC
https://github.com/Samsung/mTower/issues/77
x_refsource_MISC
https://github.com/Samsung/mTower/blob/18f4b592a8a973ce59...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.