Описание
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01775
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-190
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
EPSS
Процентиль: 82%
0.01775
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-190