EUVD-2026-30837
GHSA-g7q7-7hc8-vc6w
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
AnalysisAI
Heap-based buffer overflow in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows remote attackers to corrupt heap memory and likely achieve arbitrary code execution when a victim processes attacker-controlled JavaScript. No public exploit identified at time of analysis, but the upstream fix (PR #1565) reveals multiple memory-safety hardening changes including integer underflow protection in TypedArray.copyWithin, fast-mode array conversion checks during spread operations, and OOM handling, indicating concrete reachable corruption paths. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Create inventory of all devices/systems running Escargot engine; document business-critical applications depending on this component; contact Samsung support for patch availability and timeline. Within 7 days: Restrict JavaScript execution to digitally signed, whitelisted sources; disable Escargot engine for non-essential workloads; brief user community on risks of processing untrusted scripts. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through t
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferenci
Share
External POC / Exploit Code
Leaving vuln.today