Closed
Description
Affected components
affected source code file: tools/fwinfogen.c
Attack vector(s)
Lacking a check for the return value of EC_KEY_set_public_key_affine_coordinates.
EC_KEY_set_public_key_affine_coordinates() returns 1 on success or 0 on error.
Suggested description of the vulnerability for use in the CVE
DoS vulnerability in sign_pFwInfo() function in Samsung Electronics mTower v0.3.0 (and earlier) due to a missing check on the return value of EC_KEY_set_public_key_affine_coordinates.
Discoverer(s)/Credits
UVScan
Reference(s)
https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_public_key_affine_coordinates.html
Line 194 in 18f4b59