Vulnerabilites related to samsung - blockchain_keystore
CVE-2025-21020 (GCVE-0-2025-21020)
Vulnerability from cvelistv5
Published
2025-08-06 04:23
Modified
2025-08-13 15:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:38.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T04:23:36.742Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21020",
"datePublished": "2025-08-06T04:23:36.742Z",
"dateReserved": "2024-11-06T02:30:14.881Z",
"dateUpdated": "2025-08-13T15:03:38.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21021 (GCVE-0-2025-21021)
Vulnerability from cvelistv5
Published
2025-08-06 04:23
Modified
2025-08-13 15:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:39.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T04:23:38.208Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21021",
"datePublished": "2025-08-06T04:23:38.208Z",
"dateReserved": "2024-11-06T02:30:14.882Z",
"dateUpdated": "2025-08-13T15:03:39.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20901 (GCVE-0-2025-20901)
Vulnerability from cvelistv5
Published
2025-02-04 07:19
Modified
2025-02-04 15:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:26:29.308691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:26:47.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T07:19:49.444Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20901",
"datePublished": "2025-02-04T07:19:49.444Z",
"dateReserved": "2024-11-06T02:30:14.841Z",
"dateUpdated": "2025-02-04T15:26:47.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21018 (GCVE-0-2025-21018)
Vulnerability from cvelistv5
Published
2025-08-06 04:23
Modified
2025-08-06 13:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T13:37:54.995218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:38:00.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T04:23:33.842Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21018",
"datePublished": "2025-08-06T04:23:33.842Z",
"dateReserved": "2024-11-06T02:30:14.880Z",
"dateUpdated": "2025-08-06T13:38:00.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49406 (GCVE-0-2024-49406)
Vulnerability from cvelistv5
Published
2024-11-06 02:17
Modified
2024-11-06 11:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:samsung:blockchain_keystore:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "blockchain_keystore",
"vendor": "samsung",
"versions": [
{
"lessThan": "1.3.1.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T11:13:35.274200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T11:14:38.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T02:17:24.461Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-49406",
"datePublished": "2024-11-06T02:17:24.461Z",
"dateReserved": "2024-10-15T05:26:08.659Z",
"dateUpdated": "2024-11-06T11:14:38.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21017 (GCVE-0-2025-21017)
Vulnerability from cvelistv5
Published
2025-08-06 04:23
Modified
2025-08-13 15:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:37.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T04:23:32.591Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21017",
"datePublished": "2025-08-06T04:23:32.591Z",
"dateReserved": "2024-11-06T02:30:14.880Z",
"dateUpdated": "2025-08-13T15:03:37.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30722 (GCVE-0-2023-30722)
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Blockchain Keystore |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:14.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:56:58.117660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:25:08.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T03:12:09.186Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30722",
"datePublished": "2023-09-06T03:12:09.186Z",
"dateReserved": "2023-04-14T01:59:51.137Z",
"dateUpdated": "2024-09-26T15:25:08.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20900 (GCVE-0-2025-20900)
Vulnerability from cvelistv5
Published
2025-02-04 07:19
Modified
2025-02-04 15:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Blockchain Keystore |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:27:04.212419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:30:25.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.3.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T07:19:48.350Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20900",
"datePublished": "2025-02-04T07:19:48.350Z",
"dateReserved": "2024-11-06T02:30:14.841Z",
"dateUpdated": "2025-02-04T15:30:25.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-08-06 05:15
Modified
2025-08-15 16:02
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97199FA-9E57-4D37-AA98-466183EAA964",
"versionEndExcluding": "1.3.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el cuadro de criptograf\u00eda desconectada en Blockchain Keystore anterior a la versi\u00f3n 1.3.17.2 permite que atacantes privilegiados locales escriban en la memoria fuera de los l\u00edmites."
}
],
"id": "CVE-2025-21017",
"lastModified": "2025-08-15T16:02:40.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-06T05:15:34.343",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-04 08:15
Modified
2025-07-17 01:21
Severity ?
Summary
Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B401F3-A7CB-4D77-9DD4-7FAFCDA87099",
"versionEndExcluding": "1.3.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory."
},
{
"lang": "es",
"value": "Fuera de los l\u00edmites le\u00eddo en Blockchain Keystore anterior a la versi\u00f3n 1.3.16.5 permite a atacantes privilegiados locales leer memoria fuera de los l\u00edmites."
}
],
"id": "CVE-2025-20901",
"lastModified": "2025-07-17T01:21:18.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "mobile.security@samsung.com",
"type": "Secondary"
}
]
},
"published": "2025-02-04T08:15:31.707",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 04:15
Modified
2024-11-21 08:00
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7527A-A43D-41CB-9519-70B03EB7F1EC",
"versionEndExcluding": "1.3.13.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "La falla del mecanismo de protecci\u00f3n en bc_tui trustlet de Samsung Blockchain Keystore anterior a la version 1.3.13.5 permite a un atacante local ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-30722",
"lastModified": "2024-11-21T08:00:46.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T04:15:15.493",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=09"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-06 05:15
Modified
2025-08-15 16:02
Severity ?
Summary
Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97199FA-9E57-4D37-AA98-466183EAA964",
"versionEndExcluding": "1.3.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en Blockchain Keystore anterior a la versi\u00f3n 1.3.17.2 permite que atacantes privilegiados locales lean memoria fuera de los l\u00edmites."
}
],
"id": "CVE-2025-21018",
"lastModified": "2025-08-15T16:02:00.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "mobile.security@samsung.com",
"type": "Secondary"
}
]
},
"published": "2025-08-06T05:15:34.480",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-06 03:15
Modified
2024-11-13 00:54
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D036D68-17AF-4E72-ABB1-E8B4AFCE0353",
"versionEndExcluding": "1.3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Blockchain Keystore anterior a la versi\u00f3n 1.3.16 permite a los atacantes locales modificar la transacci\u00f3n. Se requiere privilegio de root para activar esta vulnerabilidad."
}
],
"id": "CVE-2024-49406",
"lastModified": "2024-11-13T00:54:15.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-06T03:15:05.833",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=11"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-06 05:15
Modified
2025-08-15 15:55
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97199FA-9E57-4D37-AA98-466183EAA964",
"versionEndExcluding": "1.3.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el teclado de dibujo en Blockchain Keystore anterior a la versi\u00f3n 1.3.17.2 permite que atacantes locales privilegiados escriban en la memoria fuera de los l\u00edmites."
}
],
"id": "CVE-2025-21021",
"lastModified": "2025-08-15T15:55:32.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-06T05:15:34.887",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-06 05:15
Modified
2025-08-15 15:59
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97199FA-9E57-4D37-AA98-466183EAA964",
"versionEndExcluding": "1.3.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en la creaci\u00f3n de im\u00e1genes de mapa de bits en Blockchain Keystore anterior a la versi\u00f3n 1.3.17.2 permite que atacantes privilegiados locales escriban en la memoria fuera de los l\u00edmites."
}
],
"id": "CVE-2025-21020",
"lastModified": "2025-08-15T15:59:12.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-06T05:15:34.750",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=08"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-04 08:15
Modified
2025-07-17 01:20
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mobile.security@samsung.com | https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | blockchain_keystore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:blockchain_keystore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B401F3-A7CB-4D77-9DD4-7FAFCDA87099",
"versionEndExcluding": "1.3.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory."
},
{
"lang": "es",
"value": "Fuera de los l\u00edmites escribe en Blockchain Keystore antes de la versi\u00f3n 1.3.16.5 permite a atacantes privilegiados locales escribir en fuera de los l\u00edmites de la memoria."
}
],
"id": "CVE-2025-20900",
"lastModified": "2025-07-17T01:20:47.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-04T08:15:31.573",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}