CVE-2022-28791
published 2022-05-03CVE-2022-28791: Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | galaxy_store | < 4.5.41.8 | 4.5.41.8 |
| samsung_mobile | galaxy_store | >= - < 4.5.41.3 | 4.5.41.3 |