CVE-2024-32673 - Vulnerability Details - OpenCVE

ReportizFlow

Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/Samsung/walrus/pull/241

History

Fri, 16 Aug 2024 07:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 16 Aug 2024 06:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Clear'}`

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2024-07-03T01:21:16.898Z

Updated: 2024-08-16T06:40:46.571Z

Reserved: 2024-04-17T05:10:39.227Z

Link: CVE-2024-32673

Vulnrichment

Updated: 2024-08-02T02:13:40.468Z

NVD

Status : Awaiting Analysis

Published: 2024-07-03T02:15:10.297

Modified: 2024-11-21T09:15:26.800

Link: CVE-2024-32673

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32673", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2024-04-17T05:10:39.227Z", "datePublished": "2024-07-03T01:21:16.898Z", "dateUpdated": "2024-08-16T06:40:46.571Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Webassembly runtime engine", "product": "Walrus", "repo": "https://github.com/Samsung/walrus", "vendor": "Samsung Open Source", "versions": [{"lessThan": "72c7230f32a0b791355bbdfc78669701024b0956", "status": "unaffected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Sangwoo Park"}, {"lang": "en", "type": "reporter", "value": "Jeongmin Choi"}], "datePublic": "2024-07-02T00:12:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\n<p>This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.</p>"}], "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2024-08-16T06:40:46.571Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/Samsung/walrus/pull/241"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T14:17:24.827920Z", "id": "CVE-2024-32673", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T20:07:33.706Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:40.468Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Samsung/walrus/pull/241", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Samsung/walrus/pull/241", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:40.468Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-03T14:17:24.827920Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T20:07:24.807Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Sangwoo Park"}, {"lang": "en", "type": "reporter", "value": "Jeongmin Choi"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Clear", "providerUrgency": "CLEAR", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/Samsung/walrus", "vendor": "Samsung Open Source", "product": "Walrus", "versions": [{"status": "unaffected", "version": "0", "lessThan": "72c7230f32a0b791355bbdfc78669701024b0956", "versionType": "git"}], "packageName": "Webassembly runtime engine", "defaultStatus": "unaffected"}], "datePublic": "2024-07-02T00:12:00.000Z", "references": [{"url": "https://github.com/Samsung/walrus/pull/241", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.", "supportingMedia": [{"type": "text/html", "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\n<p>This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2024-08-16T06:40:46.571Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32673", "state": "PUBLISHED", "dateUpdated": "2024-08-16T06:40:46.571Z", "dateReserved": "2024-04-17T05:10:39.227Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2024-07-03T01:21:16.898Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956."}, {"lang": "es", "value": "La validaci\u00f3n inadecuada de la vulnerabilidad del \u00edndice de matriz en el motor de ejecuci\u00f3n de Samsung Open Source Walrus Webassembly permite un problema de falla de segmentaci\u00f3n. Este problema afecta a Walrus: antes de 72c7230f32a0b791355bbdfc78669701024b0956."}], "id": "CVE-2024-32673", "lastModified": "2024-11-21T09:15:26.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "CLEAR", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-07-03T02:15:10.297", "references": [{"source": "[email protected]", "url": "https://github.com/Samsung/walrus/pull/241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Samsung/walrus/pull/241"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "[email protected]", "type": "Secondary"}]}