CVE-2022-40280: Security: DoS vulnerability in function createDB() · Issue #5627 · Samsung/TizenRT

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.

Affected components

Affected source code file: external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c

Attack vector(s)

Missing sqlite3_close after sqlite3_open_v2.
Whether or not an error occurs when it is opened, resources associated with the database connection handle should be released by passing it to sqlite3_close() when it is no longer required.

Suggested description of the vulnerability for use in the CVE

DoS vulnerability in createDB() function in Samsung Electronics TizenRT latest version (and earlier) due to missing sqlite3_close after sqlite3_open_v2.

Discoverer(s)/Credits

UVScan

Reference(s)

https://www.sqlite.org/c3ref/open.html

TizenRT/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c

Line 100 in f8f776d

result = sqlite3_open_v2(path, &g_db, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE, NULL);
