VYPR
Medium severity 5.5 · NVD Advisory · Published May 19, 2026 · Updated May 19, 2026

CVE-2026-47313

Description

Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Excessive memory allocation in Samsung Open Source Escargot can cause denial of service via crafted input.

Vulnerability

A memory allocation with excessive size value vulnerability exists in Samsung Open Source Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The bug is triggered when setArrayLength converts an array to non-fast mode if the length exceeds thresholds, potentially leading to an excessive allocation [1].

Exploitation

An attacker can trigger the vulnerability by providing a crafted input that causes the array length to exceed internal thresholds, leading to an excessive memory allocation. No special privileges are required, as the issue can be exploited via normal script execution in the Escargot engine [1].

Impact

Successful exploitation results in excessive memory allocation, which can lead to a denial-of-service condition (e.g., application crash or resource exhaustion) [1].

Mitigation

The fix has been merged in pull request #1565 on the official Escargot repository [1]. Users should update to a version of Escargot that includes this fix to mitigate the vulnerability.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/Escargot (2 versions)
    • (no CPE)
    • (no CPE), range: =590345cc6258317c5da850d846ce6baaf2afc2d3

Patches

1
590345cc6258

Update vendor test

https://github.com/Samsung/escargot · Seonghyun Kim · May 14, 2026 · via nvd-ref
1 file changed · +1 -1
  • test/vendortest · +1 -1 · modified
    @@ -1 +1 @@
    -Subproject commit 71d8a3453148662bcbde7cd8180aaea7bf29ae32
    +Subproject commit e17c4680af0a133981ab19aa6ea0b67bd705f66c
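
Review bot: the lone hunk in test/vendortest only moves the subproject pointer from 71d8a34 to e17c468, and the title "Update vendor test" does not say what the new revision contains. Name the test cases this submodule bump brings in and reference the engine change they exercise, because no allocation or length-check code is visible in this commit and a reader cannot confirm from it what is being covered.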
    

References

1
