CVE-2018-10751

Exploit

EPSS 14.36%
Veröffentlicht 29.05.2018 20:29:02
Zuletzt bearbeitet 21.11.2024 03:41:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Samsung Mobile Version6.0

Samsung ≫ Samsung Mobile Version7.0

Samsung ≫ Samsung Mobile Version7.1

Samsung ≫ Samsung Mobile Version7.1.1

Samsung ≫ Samsung Mobile Version7.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.36%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:N/I:N/A:C

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://security.samsungmobile.com/securityUpdate.smsb

Third Party Advisory

http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html

Third Party Advisory

VDB Entry

https://www.exploit-db.com/exploits/44724/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-10751

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10751

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10751

EUVD