Skip to main content

Samsung Walrus CVE-2026-47308

| EUVDEUVD-2026-30836 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-19 samsung.tv_appliance GHSA-v22h-74vw-3j73
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 05:16 vuln.today
Analysis Generated
May 19, 2026 - 05:16 vuln.today

DescriptionCVE.org

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.

This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

AnalysisAI

NULL pointer dereference in Samsung's open-source Walrus WebAssembly runtime crashes the parser when processing malformed WASM binaries, resulting in denial of service. The vulnerability exists in the WASMBinaryReader component (WASMParser.cpp) at commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9, where multiple error-handling code paths fail to return early, allowing execution to continue past invalid state and dereference null pointers. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

Walrus (cpe:2.3:a:samsung_open_source:walrus:*:*:*:*:*:*:*:*) is Samsung's open-source WebAssembly runtime engine, which relies on a forked and extended version of the wabt (WebAssembly Binary Toolkit) library for binary parsing. The vulnerability (CWE-476: NULL Pointer Dereference) resides in the WASMBinaryReader class within src/parser/WASMParser.cpp and its associated delegate in third_party/wabt/src/walrus/binary-reader-walrus.cc. The parser processes WASM binary sections sequentially; when a malformed or adversarially crafted WASM file triggers an internal parse error, the absence of early-return guards in at least eleven distinct code paths allows the parser to continue operating on invalid or null state. The fix in PR #409 adds explicit return statements at each of these paths, introduces a PARSER_RESOURCE_LIMIT check for local declaration counts, refactors m_walrusParseError storage from WASMBinaryReader into the base WASMBinaryReaderDelegate class, and adds a CheckParseError() method to BinaryReaderDelegateWalrus to propagate error state cleanly.

RemediationAI

The primary fix is to apply the upstream patch from GitHub PR #409 (https://github.com/Samsung/walrus/pull/409), which adds early-return guards throughout the WASM binary parser and introduces resource limit enforcement for local declarations. Upstream fix is available via the PR commit; a released patched version has not been independently confirmed, so consumers of Walrus should build from the patched branch or cherry-pick the changes into their deployment. Organizations that embed Walrus in a product should monitor the Samsung/walrus GitHub repository for a tagged stable release incorporating this fix. As a compensating control prior to patching, applications using Walrus should validate WASM binary inputs against a strict schema or byte-level allowlist before passing them to the parser, and should run the Walrus parser in an isolated process or sandbox so that a crash does not affect the broader application. Restricting the sources from which WASM binaries are accepted (e.g., rejecting user-supplied or externally-fetched WASM in production) directly reduces attack surface at the cost of reduced functionality.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Share

CVE-2026-47308 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy