Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7990

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.

Published

2016-10-31T10:59:06.597

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-190
    CWE-388
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 4.4 Yes
Operating System google android 4.4.1 Yes
Operating System google android 4.4.2 Yes
Operating System google android 4.4.3 Yes
Operating System google android 4.4.4 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.0.2 Yes
Operating System google android 5.1 Yes
Operating System google android 5.1.0 Yes
Operating System google android 5.1.1 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
Hardware samsung galaxy_s4 - No
Hardware samsung galaxy_s4_mini - No
Hardware samsung galaxy_s5 - No
Hardware samsung galaxy_s6 - No
Hardware samsung galaxy_s7 - No
References