CVE-2018-3926

MEDIUM Year: 2018
CVSS v3 Score
5.3
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-191
View all →

Vulnerability Description

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2020-11909

MEDIUM
CVSS:5.3(Medium)

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

CWE-1912020

CVE-2020-24370

MEDIUM
CVSS:5.3(Medium)

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

CWE-1912020

CVE-2024-52558

MEDIUM
CVSS:5.3(Medium)

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.

CWE-1912024

CVE-2015-1208

MEDIUM
CVSS:5.5(Medium)

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 f...

CWE-1912015

CVE-2017-13666

MEDIUM
CVSS:5.5(Medium)

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can ...

CWE-1912017

CVE-2017-15874

MEDIUM
CVSS:5.5(Medium)

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

CWE-1912017