Description
Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory allocation flaw: an allocation is performed with an excessive size value. An attacker can trigger an excessively large allocation, which can exhaust system resources or crash the Escargot engine. The flaw is classified as CWE-789 (Uncontrolled Memory Allocation).

Affected Systems

The affected product is Samsung Open Source Escargot. The specific commit where the vulnerability exists is 590345cc6258317c5da850d846ce6baaf2afc2d3. The fix has been merged in subsequent commits; users of this commit or earlier versions are vulnerable.

Risk and Exploitability

The CVSS score is 5.5 (Medium). EPSS data is not available, and the vulnerability is not listed in CISA KEV. The advisory does not describe a specific attack path, but the CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates local access, no required privileges, and user interaction. Given the memory allocation context, it is likely exploitable via input that causes large allocations, potentially from any interface that accepts user-supplied data. The vector rates only availability as affected (C:N/I:N/A:H): without a patch, an attacker could induce a denial of service by exhausting memory resources. The risk is moderate but should be mitigated promptly.

Generated by OpenCVE AI on May 19, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Escargot to a version including the fix (a commit later than the affected 590345cc).
  • Implement runtime bounds checking to ensure allocation sizes do not exceed safe limits.
  • Restrict memory usage at the OS level with cgroups or ulimits to prevent exhaustion.



Advisories

No advisories yet.

History

Tue, 19 May 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Samsung Open Source; Samsung Open Source escargot
Vendors & Products | | Samsung Open Source; Samsung Open Source escargot

Tue, 19 May 2026 08:45:00 +0000

Type | Values Removed | Values Added
Title | | Escargot Excessive Memory Allocation Vulnerability

Tue, 19 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Weaknesses | | CWE-789
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T06:28:34.474Z

Reserved: 2026-05-19T02:40:40.159Z

Link: CVE-2026-47313

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T08:16:15.603

Modified: 2026-05-19T08:16:15.603

Link: CVE-2026-47313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T09:00:06Z
