CVE-2018-10751

Опубликовано: 29 мая 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5.4

EPSS Средний

Описание

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

Ссылки

http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html
Third Party Advisory
VDB Entry
https://security.samsungmobile.com/securityUpdate.smsb
Third Party Advisory
https://www.exploit-db.com/exploits/44724/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html
Third Party Advisory
VDB Entry
https://security.samsungmobile.com/securityUpdate.smsb
Third Party Advisory
https://www.exploit-db.com/exploits/44724/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*

cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*

cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*

cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14356

Средний

5.3 Medium

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-p6q3-c5p7-24j9