CVE-2022-40281 โ€” Missing Release of Memory after Effective Lifetime in Samsung Tizenrt

CWE-401 โ€” Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 47.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Tizenrt
Timeline
PublishedSep 8
Latest updateSep 9

Description

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDsamsung/tizenrt4 versions+3

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-p2px-rphp-6xx6: An issue was discovered in Samsung TizenRT through 3โ†—2022-09-09
โ–ถ
OSV
CVE-2022-40281: An issue was discovered in Samsung TizenRT through 3โ†—2022-09-08
โ–ถ
CVEList
CVE-2022-40281: An issue was discovered in Samsung TizenRT through 3โ†—2022-09-08
โ–ถ
CVE-2022-40281 โ€” Samsung Tizenrt vulnerability | cvebase