CVE-2016-7989

Опубликовано: 31 окт. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.

Ссылки

http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
Vendor Advisory
http://www.securityfocus.com/bid/94082
Third Party Advisory
VDB Entry
http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
Vendor Advisory
http://www.securityfocus.com/bid/94082
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.0012

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-q993-v9x4-3q2m