Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7989

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.

Published

2016-10-31T10:59:05.193

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-254
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 4.4 Yes
Operating System google android 4.4.1 Yes
Operating System google android 4.4.2 Yes
Operating System google android 4.4.3 Yes
Operating System google android 4.4.4 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.0.2 Yes
Operating System google android 5.1 Yes
Operating System google android 5.1.0 Yes
Operating System google android 5.1.1 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
Hardware samsung galaxy_s4 - No
Hardware samsung galaxy_s4_mini - No
Hardware samsung galaxy_s5 - No
Hardware samsung galaxy_s6 - No
Hardware samsung galaxy_s7 - No
References