Security: DoS vulnerability in function createDB() #5627

UVScan · 2022-09-02T04:54:05Z

Affected components

affected source code file: external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c

Attack vector(s)

Missing sqlite3_close after sqlite3_open_v2.
Whether or not an error occurs when it is opened, resources associated with the database connection handle should be released by passing it to sqlite3_close() when it is no longer required.

Suggested description of the vulnerability for use in the CVE

DoS vulnerability in createDB() function in Samsung Electronics TizenRT latest version (and earlier) due to missing sqlite3_close after sqlite3_open_v2.

Discoverer(s)/Credits

UVScan

Reference(s)

https://www.sqlite.org/c3ref/open.html

TizenRT/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c

Line 100 in f8f776d

    
           result = sqlite3_open_v2(path, &g_db, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE, NULL);

UVScan changed the title ~~Security: Privacy leakage in function cyassl_connect_step2()~~ Security: DoS vulnerability in function createDB() Sep 2, 2022

sunghan-chang assigned j11591 and hs36-kim Sep 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: DoS vulnerability in function createDB() #5627

Security: DoS vulnerability in function createDB() #5627

UVScan commented Sep 2, 2022

Security: DoS vulnerability in function createDB() #5627

Security: DoS vulnerability in function createDB() #5627

Comments

UVScan commented Sep 2, 2022

Affected components

Attack vector(s)

Suggested description of the vulnerability for use in the CVE

Discoverer(s)/Credits

Reference(s)