Description
Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Published: 2026-04-13
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption via buffer overflow
Action: Apply patch
AI Analysis

Impact

An integer overflow has been identified in the Samsung Open Source Escargot project. The flaw allows an attacker to supply input that causes a size calculation to wrap around, leading to a buffer overflow. The resulting memory corruption could compromise the stability and confidentiality of the affected system.

Affected Systems

The vulnerability affects the Escargot JavaScript engine from Samsung Open Source. The affected code is identified by commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. No specific release version numbers are listed in the advisory.

Risk and Exploitability

The CVSS base score of 8.1 indicates a high-severity vulnerability. Exploit probability (EPSS) data is not provided. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. While the description does not specify how the overflow could be triggered, it is reasonable to assume that any malicious input processed by the vulnerable function could trigger the overflow, making both local and remote exploitation theoretically possible depending on the context in which Escargot runs.

Generated by OpenCVE AI on April 13, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Escargot to the commit that includes the fix introduced in PR 1554
  • Build the updated binary and verify that the buffer overflow no longer occurs

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Integer Overflow Causing Buffer Overflow in Escargot |

Mon, 13 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 13 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Samsung Open Source; Samsung Open Source escargot |
| Vendors & Products | | Samsung Open Source; Samsung Open Source escargot |

Mon, 13 Apr 2026 05:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. |
| Weaknesses | | CWE-190 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-13T13:10:14.911Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25208

Vulnrichment

Updated: 2026-04-13T13:10:10.526Z

NVD

Status: Awaiting Analysis

Published: 2026-04-13T05:16:02.800

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-25208

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:05Z

Weaknesses