Description
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Samsung’s open‑source JavaScript engine Escargot is affected by a heap‑based buffer overflow that can corrupt memory. This flaw allows an attacker to overwrite adjacent memory areas, potentially leading to arbitrary code execution or denial of service. The vulnerability is identified as CWE‑122 and carries a CVSS score of 7.8, indicating a high severity level.

Affected Systems

The affected product is Samsung Open Source Escargot. The specific commit impacted is 590345cc6258317c5da850d846ce6baaf2afc2d3. No additional version ranges are listed.

Risk and Exploitability

The CVSS score of 7.8 denotes a high severity risk. EPSS information is not available, so the current exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploits are publicly documented. The attack vector is not specified in the supplied data, so it is not clear whether the flaw requires local access or can be triggered remotely. The potential impact remains that an attacker who exploits the overflow could run arbitrary code or crash the application.

Generated by OpenCVE AI on May 19, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Escargot to the latest committed revision that incorporates the fix referenced in the GitHub pull request (https://github.com/Samsung/escargot/pull/1565).
  • Rebuild the application with strong memory protection measures such as stack canaries, address space layout randomization (ASLR), and proper bounds checking enabled.
  • Regularly check the Samsung Escargot project or vendor website for any additional patches or updates addressing the buffer overflow vulnerability.

Advisories

No advisories yet.

History

Tue, 19 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Title | | Heap‑Based Buffer Overflow in Samsung Escargot
First Time appeared | | Samsung Open Source; Samsung Open Source escargot
Vendors & Products | | Samsung Open Source; Samsung Open Source escargot

Tue, 19 May 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Weaknesses | | CWE-122
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T04:58:40.925Z

Reserved: 2026-05-19T02:40:40.159Z

Link: CVE-2026-47311

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T07:16:30.070

Modified: 2026-05-19T07:16:30.070

Link: CVE-2026-47311

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T07:30:44Z

Weaknesses