
Security: Lacking a check for the return value of EC_KEY_set_public_key_affine_coordinates() #77

Closed
@UVScan

Description

Affected components

affected source code file: tools/fwinfogen.c

Attack vector(s)

Lacking a check for the return value of EC_KEY_set_public_key_affine_coordinates.
EC_KEY_set_public_key_affine_coordinates() returns 1 on success or 0 on error.

Suggested description of the vulnerability for use in the CVE

DoS vulnerability in sign_pFwInfo() function in Samsung Electronics mTower v0.3.0 (and earlier) due to a missing check on the return value of EC_KEY_set_public_key_affine_coordinates.

Discoverer(s)/Credits

UVScan

Reference(s)

https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_public_key_affine_coordinates.html

EC_KEY_set_public_key_affine_coordinates(eckey, x, y);
