Lacking a check for the return value of EVP_CIPHER_CTX_new.
EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success and NULL for failure.
Suggested description of the vulnerability for use in the CVE
Null pointer dereference vulnerability in aes256_encrypt() function in Samsung Electronics mTower v0.3.0 (and earlier) due to a missing check on the return value of EVP_CIPHER_CTX_new.
Affected components
affected source code file: tools/ecdsa_keygen.c
Attack vector(s)
Lacking a check for the return value of EVP_CIPHER_CTX_new.
EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success and NULL for failure.
Discoverer(s)/Credits
UVScan
Reference(s)
https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html
mTower/tools/ecdsa_keygen.c
Line 135 in 18f4b59