Description
Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uncontrolled recursion in the Samsung Open Source Escargot engine, which allows attackers to trigger excessive memory allocation. This can exhaust system resources and ultimately result in a denial-of-service condition. It is classified as CWE-674, representing unchecked recursion that leads to resource exhaustion.

Affected Systems

The affected product is Samsung Open Source Escargot, specifically the code referenced by commit hash 590345cc6258317c5da850d846ce6baaf2afc2d3. Any deployment of Escargot that includes this commit is susceptible unless patched.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the lack of an EPSS score and absence from the CISA KEV catalog suggest limited known exploitation. The attack vector is inferred to involve sending crafted input or scripts that trigger recursion, leading to resource exhaustion. Administrators should treat this as a risk to availability when Escargot processes untrusted input and implement remediation accordingly.

Generated by OpenCVE AI on May 19, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Escargot to the latest stable release that incorporates the recursion mitigation commit.
  • Apply runtime memory usage limits or sandboxing to constrain the Escargot process's memory consumption.
  • Validate input and, if supported, configure recursion depth limits within Escargot to prevent uncontrolled recursion.



Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Uncontrolled Recursion Leading to Excessive Allocation in Escargot |
| First Time appeared | | Samsung Open Source; Samsung Open Source escargot |
| Vendors & Products | | Samsung Open Source; Samsung Open Source escargot |

Tue, 19 May 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| Weaknesses | | CWE-674 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T06:35:01.473Z

Reserved: 2026-05-19T05:50:23.979Z

Link: CVE-2026-47317

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T08:16:16.093

Modified: 2026-05-19T08:16:16.093

Link: CVE-2026-47317

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T08:30:36Z

Weaknesses