Details of VAR-201701-1166

ID

VAR-201701-1166

TITLE

Multiple Samsung Device 'OTP' Service Remote Heap Buffer Overflow Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2017-00024

DESCRIPTION

SamsungGalaxyS6 is Samsung Electronics' mobile smart Android phone. A remote heap buffer overflow vulnerability exists in multiple Samsung devices. An attacker could exploit the vulnerability to cause a denial of service. Due to the nature of this issue, code execution may be possible but this has not been confirmed

Trust: 0.81

sources: CNVD: CNVD-2017-00024 // BID: 95134

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00024

AFFECTED PRODUCTS

vendor:

samsung

model:

galaxy s6 sm-g925v

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2017-00024 // BID: 95134

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-00024
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-00024
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-00024

THREAT TYPE

network

Trust: 0.3

sources: BID: 95134

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 95134

EXTERNAL IDS

db:	BID	id:	95134	Trust: 0.9
db:	CNVD	id:	CNVD-2017-00024	Trust: 0.6

sources: CNVD: CNVD-2017-00024 // BID: 95134

REFERENCES

url:	http://www.securityfocus.com/bid/95134	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=935	Trust: 0.3

sources: CNVD: CNVD-2017-00024 // BID: 95134

CREDITS

laginimaineb

Trust: 0.3

sources: BID: 95134

SOURCES

db:	CNVD	id:	CNVD-2017-00024
db:	BID	id:	95134

LAST UPDATE DATE

2022-05-17T02:08:58.587000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00024	date:	2017-01-03T00:00:00
db:	BID	id:	95134	date:	2017-01-12T05:06:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00024	date:	2017-01-03T00:00:00
db:	BID	id:	95134	date:	2016-12-28T00:00:00