Description
Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw arises when Escargot releases an invalid pointer or reference, which enables an attacker to manipulate a buffer. This action corrupts memory and may result in denial of service or provide a foothold for exploiting other vulnerabilities. The weakness is a memory management flaw classified as CWE-763.

Affected Systems

The issue is present in Samsung Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. No version range is listed; the record identifies only this commit as affected.

Risk and Exploitability

The CVSS score of 5.5 classifies the vulnerability as moderate. EPSS is not available and the vulnerability is not listed in CISA's KEV catalog, indicating no known public exploitation. The likely attack vector is local execution; an attacker with access to Escargot can corrupt memory, leading to denial of service or providing a potential launch point for other attacks. The risk remains moderate but warrants timely remediation.

Generated by OpenCVE AI on May 19, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Escargot to a release that incorporates the patch from PR 1565, which fixes the invalid pointer release bug.
  • If an immediate update is not possible, run Escargot under a non‑privileged user and limit untrusted input to reduce the chance of buffer manipulation.
  • Add runtime memory sanitization such as AddressSanitizer or enable bounds checking to detect and prevent invalid memory writes during development and testing.


Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Samsung Open Source; Samsung Open Source escargot
Vendors & Products | | Samsung Open Source; Samsung Open Source escargot

Tue, 19 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Weaknesses | | CWE-763
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T06:27:17.516Z

Reserved: 2026-05-19T02:40:40.159Z

Link: CVE-2026-47312

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T08:16:15.030

Modified: 2026-05-19T08:16:15.030

Link: CVE-2026-47312

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T09:00:06Z

Weaknesses