PT-2022-25319 · Samsung · Tizenrt
Uvscan
·
Published
2022-09-08
·
Updated
2022-09-13
·
CVE-2022-40280
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung TizenRT versions through 3.0 GBM and 3.1 PRE
Description
An issue was discovered in the createDB function within the provisioningdatabasemanager.c file, located in the security/provisioning/src directory. This issue is caused by a missing
sqlite3 close call after sqlite3 open v2, resulting in a denial of service.Recommendations
For Samsung TizenRT versions through 3.0 GBM and 3.1 PRE, consider applying a patch that includes the necessary
sqlite3 close call after sqlite3 open v2 in the createDB function to prevent a denial of service.Fix
Missing Release of Resource after Effective Lifetime
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tizenrt