Tizenrt
CVE-2022-40281
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
AnalysisAI
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. Affected products include: Samsung Tizenrt. Version information: through 3.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerabi
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerabi
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerabi
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. Rated high severit
Same weakness CWE-401 – Memory Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today