CVE-2018-3903 Information
Description
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17 the video-core process incorrectly extracts fields from a user-controlled JSON payload leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer which has a size of 512 bytes. An attacker can send an arbitrarily long \url\ value in order to overwrite the saved-PC with 0x42424242.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0574
On
Samsung
SmartThings
Hub
STH-ETH-250
devices
with
firmware
version
0.20.17
the
video-core
process
incorrectly
extracts
fields
from
a
user-controlled
JSON
payload
leading
to
a
buffer
overflow
on
the
stack.
An
attacker
can
send
an
HTTP
request
to
trigger
this
vulnerability.
The
memcpy
call
overflows
the
destination
buffer
which
has
a
size
of
512
bytes.
An
attacker
can
send
an
arbitrarily
long
\url
value
in
order
to
overwrite
the
saved-PC
with
0x42424242.
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.9
Share on: