{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40447", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2026-04-13T04:23:34.943Z", "datePublished": "2026-04-13T05:06:38.362Z", "dateUpdated": "2026-04-13T14:14:26.774Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-13T05:39:52.897Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190 Integer overflow or wraparound", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "Escargot", "versions": [{"status": "affected", "version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.<p>This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.</p>"}]}], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Sebasti\u00e1n Alba Vives / @Sebasteuo", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T14:11:18.630511Z", "id": "CVE-2026-40447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T14:14:26.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T14:11:18.630511Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T14:14:20.504Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "Escargot", "versions": [{"status": "affected", "version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "supportingMedia": [{"type": "text/html", "value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.<p>This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer overflow or wraparound"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-13T05:39:52.897Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40447", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:14:26.774Z", "dateReserved": "2026-04-13T04:23:34.943Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2026-04-13T05:06:38.362Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."}], "id": "CVE-2026-40447", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2026-04-13T06:16:06.790", "references": [{"source": "PSIRT@samsung.com", "url": "https://github.com/Samsung/escargot/pull/1554"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}

{"bugzilla": {"description": "escargot: Escargot: Denial of Service due to integer overflow or wraparound vulnerability", "id": "2457772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457772"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in Escargot. This integer overflow or wraparound vulnerability can lead to undefined behavior, potentially allowing a local attacker to cause a Denial of Service (DoS) by making the system unstable or crash."], "name": "CVE-2026-40447", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/cluster-logging-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/fluentd-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/log-file-metric-exporter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/vector-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "virt-firmware-rs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "rust-toolset:rhel8/rust", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_update_service:5", "fix_state": "Fix deferred", "package_name": "openshift-update-service/openshift-update-service-rhel8", "product_name": "Red Hat OpenShift Update Service"}], "public_date": "2026-04-13T05:06:38Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40447\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40447\nhttps://github.com/Samsung/escargot/pull/1554"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Escargot", "source": "cna", "vendor": "Samsung Open Source"}, "product": "escargot", "vendor": "samsung_open_source"}], "analysis": {"en": {"generated_at": "2026-04-13T07:21:52.543904+00:00", "value": {"mitigation_remediation": ["Update Escargot to the patched commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 or later, as referenced in GitHub PR 1554.", "Verify that your deployment uses the updated code by checking the commit hash or version identifier after the patch is applied.", "If immediate update is not possible, isolate execution of untrusted data within Escargot until the fix is in place to prevent potential misuse of the overflow.", "Continuously monitor Samsung\u2019s repository and security advisories for any further updates or related issues."], "summary": {"action": "Patch Update", "impact": "Integer Overflow leading to Undefined Behavior"}, "threat_synthesis": {"affected_systems": "Samsung Open Source Escargot is affected, specifically the code at commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. No additional version details are provided, but the flaw exists in the code base referenced in that commit.", "description_and_impact": "An integer overflow or wraparound occurs within the Samsung Open Source Escargot JavaScript engine, producing undefined behavior when certain calculations propagate beyond their intended range. This flaw could lead to incorrect program logic or memory corruption if exploited. The vulnerability is tied to CWE\u2011190 and its impact is primarily integrity and stability of the Escargot runtime, potentially affecting any application that embeds this engine and processes unchecked data.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is that an attacker must supply crafted input to the Escargot engine; exploitation could be local or remote depending on how the engine is used. Because the issue causes undefined behavior rather than direct code execution, the threat is limited to potential instability or data manipulation unless further vulnerabilities are present."}}}}, "created": "2026-04-13T12:37:05.865786+00:00", "title": "Integer Overflow in Escargot Leads to Undefined Behavior", "updated": "2026-04-13T12:52:53.560441+00:00", "vendors": ["samsung_open_source", "samsung_open_source$PRODUCT$escargot"]}