How severe is CVE-2018-3863?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2018-3863?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2018-3863

CRITICAL Year: 2018

CVSS v3 Score

9.9

Critical

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-787

View all →

Vulnerability Description

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability.

CVE-2017-2620

CRITICAL

CVSS:9.9(Critical)

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cput...

CWE-7872017

CVE-2018-3866

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process...

CWE-7872018

CVE-2018-3867

CRITICAL

CVSS:9.9(Critical)

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware ve...

CWE-7872018

CVE-2018-3893

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core pro...

CWE-7872018

CVE-2018-3902

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-...

CWE-7872018