Description
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.

This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write (CWE-787) in the Samsung Open Source Escargot JavaScript engine. By overflowing a buffer, an attacker can corrupt adjacent memory, which can crash the engine (denial of service) or allow control flow to be hijacked, potentially leading to arbitrary code execution.

Affected Systems

Samsung Escargot, a JavaScript engine maintained by Samsung Open Source. The affected revision is commit 36f5fb58366a67b713c02f6fd985e924fcc09e31. No other versions or broader products are listed.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS information is not available, so the current exploitation probability is unknown, but the lack of KEV listing suggests no confirmed public exploits yet. The likely attack vector is through malicious JavaScript executed within Escargot, meaning local or remote code execution is possible if the engine processes untrusted input. The risk remains high because a buffer overflow can lead to arbitrary code execution, especially when Escargot runs with system privileges.

Generated by OpenCVE AI on May 28, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch introduced in pull request 1579 by updating Escargot to a commit that includes the fix, such as the latest commit after the PR merge.
  • If an immediate update is not possible, rebuild Escargot with compiler defenses like stack protection and fortify source, and enable thorough bounds checking during compilation.
  • Run Escargot in a sandboxed or least-privileged environment and restrict execution of untrusted JavaScript code.

Advisories

No advisories yet.

History

Thu, 28 May 2026 14:15:00 +0000

  • Metrics, values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 03:15:00 +0000

  • First Time appeared, values added: Samsung Open Source; Samsung Open Source escargot
  • Vendors & Products, values added: Samsung Open Source; Samsung Open Source escargot

Thu, 28 May 2026 02:15:00 +0000

  • Title, values added: Escargot Out-of-Bounds Write Vulnerability

Thu, 28 May 2026 00:15:00 +0000

  • Description, values added: Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
  • Weaknesses, values added: CWE-787
  • References
  • Metrics, values added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-28T13:11:34.514Z

Reserved: 2026-05-19T05:50:08.520Z

Link: CVE-2026-8915

Vulnrichment

Updated: 2026-05-28T13:11:31.512Z

NVD

Status: Awaiting Analysis

Published: 2026-05-28T00:16:43.950

Modified: 2026-05-28T13:44:54.327

Link: CVE-2026-8915

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T03:00:05Z

Weaknesses