Description
Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uncontrolled recursion in the Samsung Open Source Escargot engine, which allows attackers to trigger excessive memory allocation. This can exhaust system resources and ultimately result in a denial of service condition. It is classified as CWE‑674, representing unchecked recursion that leads to resource exhaustion.

Affected Systems

The affected product is Samsung Open Source Escargot, specifically the code referenced by commit hash 590345cc6258317c5da850d846ce6baaf2afc2d3. Any deployment of Escargot that includes this commit is susceptible unless patched.

Risk and Exploitability

The CVSS score of 5.5 indicates Medium severity, and the very low EPSS score (< 1%) and absence from the CISA KEV catalog suggest limited known exploitation. The CVSS vector (AV:L, UI:R) describes a local attack that requires user interaction; the attack is inferred to involve crafted input or scripts that trigger the recursion and exhaust resources. Administrators should treat this as a risk to availability wherever Escargot processes untrusted input and implement remediation accordingly.

Generated by OpenCVE AI on May 19, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Escargot to the latest stable release that incorporates the recursion mitigation commit.
  • Apply runtime memory usage limits or sandboxing to constrain the Escargot process's memory consumption.
  • Validate input and, if supported, configure recursion depth limits within Escargot to prevent uncontrolled recursion.



Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Samsung; Samsung escargot |
| CPEs | | cpe:2.3:a:samsung:escargot:2026-05-14:*:*:*:*:*:*:* |
| Vendors & Products | | Samsung; Samsung escargot |

Tue, 19 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 19 May 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Uncontrolled Recursion Leading to Excessive Allocation in Escargot |
| First Time appeared | | Samsung Open Source; Samsung Open Source escargot |
| Vendors & Products | | Samsung Open Source; Samsung Open Source escargot |

Tue, 19 May 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| Weaknesses | | CWE-674 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T13:24:05.819Z

Reserved: 2026-05-19T05:50:23.979Z

Link: CVE-2026-47317

Vulnrichment

Updated: 2026-05-19T13:24:03.208Z

NVD

Status: Analyzed

Published: 2026-05-19T08:16:16.093

Modified: 2026-06-02T20:42:48.617

Link: CVE-2026-47317

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T08:30:36Z
