Description
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Published: 2026-04-13
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

An out‑of‑bounds write in the Samsung Open Source Escargot JavaScript engine corrupts adjacent memory, creating a classic buffer overflow condition. Such memory corruption can allow an attacker to overwrite critical control data, resulting in arbitrary code execution, loss of system integrity, and potentially denial of service.

Affected Systems

The flaw exists in the Escargot project at commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. Systems that incorporate this code, regardless of build or deployment environment, are affected. Updating to a version that includes the missing commit will remove the vulnerability.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity. EPSS information is unavailable, and the vulnerability is not listed in CISA’s KEV catalog, so current exploitation likelihood is uncertain. However, because the issue is a classic out‑of‑bounds write, an attacker who can supply crafted JavaScript to Escargot—whether through a web page, script execution, or other automated input—may trigger the overflow. The actual attack vector is not directly stated, so this is inferred from the nature of the defect and typical JavaScript engine usage.

Generated by OpenCVE AI on April 13, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest commit that fixes the overflow (97e8115ab1110bc502b4b5e4a0c689a71520d335) to your Escargot code base.
  • Verify that your deployed Escargot repository or binary includes this patch or newer.
  • If the patch is not yet available in your distribution, monitor the Escargot GitHub repository or Samsung release notes for updates.

Generated by OpenCVE AI on April 13, 2026 at 06:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Samsung Escargot Leading to Potential Code Execution

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Open Source
Samsung Open Source escargot
Vendors & Products Samsung Open Source
Samsung Open Source escargot

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Samsung Open Source Escargot
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-13T13:16:25.719Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25207

cve-icon Vulnrichment

Updated: 2026-04-13T13:16:23.145Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T05:16:02.670

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-25207

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:06Z

Weaknesses