Vulnerability Description
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Samsung Mobile | 6.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-SThird Party AdvisoryVDB Entry
- https://security.samsungmobile.com/securityUpdate.smsbThird Party Advisory
- https://www.exploit-db.com/exploits/44724/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-SThird Party AdvisoryVDB Entry
- https://security.samsungmobile.com/securityUpdate.smsbThird Party Advisory
- https://www.exploit-db.com/exploits/44724/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-10751?
CVE-2018-10751 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memo...
How severe is CVE-2018-10751?
CVE-2018-10751 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10751?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Samsung Mobile.