Skip to content

Security: NULL Pointer Dereference in the function aes256_encrypt() #75

Closed
@UVScan

Description

Affected components

affected source code file: tools/ecdsa_keygen.c

Attack vector(s)

Lacking a check for the return value of EVP_CIPHER_CTX_new.
EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success and NULL for failure.

Suggested description of the vulnerability for use in the CVE

Null pointer dereference vulnerability in aes256_encrypt() function in Samsung Electronics mTower v0.3.0 (and earlier) due to a missing check on the return value of EVP_CIPHER_CTX_new.

Discoverer(s)/Credits

UVScan

Reference(s)

https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html

enc_ctx = EVP_CIPHER_CTX_new();

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions