CVE-2020-8899

Опубликовано: 06 мая 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

Ссылки

http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
Exploit
Issue Tracking
Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb
Vendor Advisory
https://www.kb.cert.org/vuls/id/366027
Third Party Advisory
US Government Resource
http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
Exploit
Issue Tracking
Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb
Vendor Advisory
https://www.kb.cert.org/vuls/id/366027
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.0954

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-6qjj-3q9g-g44p