Main Vulnerability Database Vulnerabilities #VU37105

Integer overflow in Samsung Mobile - CVE-2018-10751

Published: May 29, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37105

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-10751

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Samsung

Affected software:
Samsung Mobile

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

How to mitigate CVE-2018-10751

Install update from vendor's website.

Sources

http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html
https://security.samsungmobile.com/securityUpdate.smsb
https://www.exploit-db.com/exploits/44724/

Integer overflow in Samsung Mobile - CVE-2018-10751

Detailed vulnerability description

How to mitigate CVE-2018-10751

Sources

Please verify you're human