Description
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Published: 2026-04-13
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Resource Leak Exposure
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds read flaw in Samsung Open Source Escargot permits the program to read memory beyond its intended boundary, exposing internal data structures and heap contents. Classified as CWE-125, the vulnerability can disclose sensitive information without causing a crash or altering program state. It becomes exploitable when Escargot processes malformed inputs, enabling the reading of unintended memory regions.

Affected Systems

The flaw resides in Samsung Open Source Escargot and is identified by the commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. No specific release or version number is enumerated in the advisory, so any revision that contains this commit remains vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity, suggesting that an attacker can gain partial data disclosure but lacks the capability for remote code execution. The EPSS score is unavailable and the vulnerability has not been listed in the CISA KEV catalog, implying no confirmed public exploits are known. Exfiltration of data would likely be limited to environments where the Escargot engine is exposed to untrusted input; the vulnerability requires crafted input to trigger the out-of-bounds read.

Generated by OpenCVE AI on April 13, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch committed in the GitHub pull request linked in the advisory, which corrects the out-of-bounds read logic.
  • If immediate patching is not possible, isolate or sandbox the Escargot engine to limit the impact of malicious inputs and monitor for abnormal memory access patterns.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type: Title
Values Removed:
Values Added: Escargot Resource Leak via Out-of-Bounds Read

Mon, 13 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type: First Time appeared
Values Removed:
Values Added: Samsung Open Source; Samsung Open Source escargot

Type: Vendors & Products
Values Removed:
Values Added: Samsung Open Source; Samsung Open Source escargot

Mon, 13 Apr 2026 05:15:00 +0000

Type: Description
Values Removed:
Values Added: Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

Type: Weaknesses
Values Removed:
Values Added: CWE-125

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added: cvssV3_1 {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-13T13:16:57.720Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25206

Vulnrichment

Updated: 2026-04-13T13:16:54.409Z

NVD

Status: Awaiting Analysis

Published: 2026-04-13T05:16:02.540

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-25206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:08Z

Weaknesses