CVE-2022-39829

Published: Sep 5, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html

x_refsource_MISC

https://github.com/Samsung/mTower/issues/75

x_refsource_MISC

https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/ecdsa_keygen.c#L135

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-39829

Description

Affected Products

References