Описание
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:alberta:abtracetogether:-:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gov:protego_safe:-:*:*:*:*:iphone_os:*:*
cpe:2.3:a:health:covidsafe:1.0:*:*:*:*:iphone_os:*:*
cpe:2.3:a:health:covidsafe:1.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:tracetogether:tracetogether:-:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 87%
0.03603
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
NVD-CWE-noinfo
EPSS
Процентиль: 87%
0.03603
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
NVD-CWE-noinfo