Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10751

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

Published

2018-05-29T20:29:02.470

Last Modified

2024-11-21T03:41:58.757

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

4.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	samsung	samsung_mobile	6.0	Yes
Operating System	samsung	samsung_mobile	7.0	Yes
Operating System	samsung	samsung_mobile	7.1	Yes
Operating System	samsung	samsung_mobile	7.1.1	Yes
Operating System	samsung	samsung_mobile	7.1.2	Yes

References

http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html Third Party Advisory, VDB Entry ([email protected])
https://security.samsungmobile.com/securityUpdate.smsb Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/44724/ Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://security.samsungmobile.com/securityUpdate.smsb Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44724/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)