Skip to main content

Samsung Escargot CVE-2026-47315

| EUVDEUVD-2026-30847 MEDIUM
Improper Check for Unusual or Exceptional Conditions (CWE-754)
2026-05-19 samsung.tv_appliance GHSA-4q76-r9jm-m677
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 08:32 vuln.today
Analysis Generated
May 19, 2026 - 08:32 vuln.today

DescriptionCVE.org

Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

AnalysisAI

Denial-of-service in Samsung's Escargot JavaScript engine (commit 590345cc) stems from multiple unhandled exceptional conditions - including a null error-value dereference during nested eval/throw/finally sequences, integer underflow in TypedArray.copyWithin after runtime buffer resize, an unhandled out-of-memory condition in the garbage collector, and an invalid fast-mode array assertion during spread operations. Exploitation requires local access and user interaction (AV:L/UI:R per CVSS), crashing or aborting the Escargot runtime process. No public exploit code or CISA KEV listing exists at time of analysis; an upstream fix is available as GitHub PR #1565 but no tagged release version has been confirmed.

Technical ContextAI

Escargot (CPE: cpe:2.3:a:samsung_open_source:escargot:*:*:*:*:*:*:*:*) is a lightweight, embedded JavaScript engine developed by Samsung Open Source, primarily targeting resource-constrained environments such as Samsung smart TVs and appliances (consistent with the 'samsung.tv_appliance' reporter identifier). CWE-754 (Improper Check for Unusual or Exceptional Conditions) covers a class of bugs where the software does not adequately check for or handle exceptional runtime states. The PR diff reveals at least five distinct defects: (1) EscargotPublic.cpp dereferences an error value without first verifying hasValue(), exploitable via crafted nested eval-throw-finally patterns that trigger allocation during unwinding; (2) BuiltinTypedArray.cpp computes a count that can go negative after a resizable ArrayBuffer is modified during argument coercion, causing integer underflow when cast to size_t; (3) Heap.cpp lacked an OOM callback, allowing the GC allocator to silently fail; (4) ByteCodeInterpreter.cpp assumed arrays remain in fast mode after setArrayLength, an invalid invariant when length thresholds are exceeded during spread; (5) DataViewObject.h re-coerced a numeric value after buffer state changed, introducing a TOCTOU-style inconsistency. All defects share the CWE-754 root cause: missing guards for states that the engine's implicit invariants assumed could not occur.

RemediationAI

The upstream fix is available as GitHub PR #1565 (https://github.com/Samsung/escargot/pull/1565), which patches all five identified defects across EscargotPublic.cpp, BuiltinTypedArray.cpp, Heap.cpp, ByteCodeInterpreter.cpp, DataViewObject.h, and FinalizationRegistryObject.cpp. A patched tagged release version has not been independently confirmed - this is a PR/commit-level fix, not a versioned release. Consumers of Escargot as a library should build from a commit after this PR is merged and verify the fix is included. For embedded platform operators (Samsung TV/appliance firmware), apply the OEM firmware update once Samsung releases a patched build incorporating this fix. As a compensating control where patching is not immediately possible, restricting the source and content of JavaScript processed by the Escargot runtime - for example, disabling execution of third-party or untrusted scripts - reduces crash exposure, though this may limit platform functionality. Enabling AddressSanitizer (ASAN) builds for testing environments is now natively supported by the PR's new ASAN detection macros and can help detect further memory-safety edge cases before production deployment.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Share

CVE-2026-47315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy