Lucene search

Samsung MobileCVE-2023-21511

HistoryMay 04, 2023 - 9:15 p.m.

CVE-2023-21511

2023-05-0421:15:11

CWE-125

Samsung Mobile

web.nvd.nist.gov

cve

2023

21511

out-of-bounds read

vulnerability

bc_core

trustlet

samsung

blockchain keystore

local attacker

arbitrary memory

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

Affected configurations

Nvd

Node

samsungsamsung_blockchain_keystoreRange<1.3.12.1

VendorProductVersionCPE
samsungsamsung_blockchain_keystore*cpe:2.3:a:samsung:samsung_blockchain_keystore:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	samsung_blockchain_keystore	*	cpe:2.3:a:samsung:samsung_blockchain_keystore::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Blockchain Keystore",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "1.3.12.1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-21511