ID

VAR-201704-0400


CVE

CVE-2016-2036


TITLE

NULL pointer dereference vulnerability in the Samsung kernel for Android on Samsung SM-N9005 and SM-G920F devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-008456

DESCRIPTION

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036. The vendor has confirmed this vulnerability and released it as SVE-2016-5036. An attacker may trigger a NULL pointer dereference via a "GET HTTP/1.1" request. The Samsung Note 3 and Galaxy S6 are both smartphones released by South Korea's Samsung. There are security vulnerabilities in the Samsung Note 3 and Galaxy S6.

Trust: 2.25

sources: NVD: CVE-2016-2036 // JVNDB: JVNDB-2016-008456 // CNVD: CNVD-2016-00774 // VULHUB: VHN-90855

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00774

AFFECTED PRODUCTS

vendor: samsung, model: galaxy s6, scope: eq, version: g920fxxu2coh2

Trust: 2.4

vendor: samsung, model: galaxy note 3, scope: eq, version: n9005xxugbob6

Trust: 1.6

vendor: samsung, model: note 3, scope: eq, version: n9005xxugbob6

Trust: 0.8

vendor: samsung, model: galaxy s6, scope: -, version: -

Trust: 0.6

vendor: samsung, model: note, scope: eq, version: 3

Trust: 0.6

sources: CNVD: CNVD-2016-00774 // JVNDB: JVNDB-2016-008456 // CNNVD: CNNVD-201601-618 // NVD: CVE-2016-2036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2036
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2036
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00774
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-618
value: LOW

Trust: 0.6

VULHUB: VHN-90855
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-2036
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00774
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90855
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2036
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-00774 // VULHUB: VHN-90855 // JVNDB: JVNDB-2016-008456 // CNNVD: CNNVD-201601-618 // NVD: CVE-2016-2036

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-90855 // JVNDB: JVNDB-2016-008456 // NVD: CVE-2016-2036

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201601-618

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201601-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008456

PATCH

title: SVE-2016-5036: SecNetfilter Security Patch, url: http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016

Trust: 0.8

sources: JVNDB: JVNDB-2016-008456

EXTERNAL IDS

db: NVD, id: CVE-2016-2036

Trust: 3.1

db: JVNDB, id: JVNDB-2016-008456

Trust: 0.8

db: CNNVD, id: CNNVD-201601-618

Trust: 0.7

db: CNVD, id: CNVD-2016-00774

Trust: 0.6

db: VULHUB, id: VHN-90855

Trust: 0.1

sources: CNVD: CNVD-2016-00774 // VULHUB: VHN-90855 // JVNDB: JVNDB-2016-008456 // CNNVD: CNNVD-201601-618 // NVD: CVE-2016-2036

REFERENCES

url:https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2036

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-2036

Trust: 0.8

sources: CNVD: CNVD-2016-00774 // VULHUB: VHN-90855 // JVNDB: JVNDB-2016-008456 // CNNVD: CNNVD-201601-618 // NVD: CVE-2016-2036

SOURCES

db: CNVD, id: CNVD-2016-00774
db: VULHUB, id: VHN-90855
db: JVNDB, id: JVNDB-2016-008456
db: CNNVD, id: CNNVD-201601-618
db: NVD, id: CVE-2016-2036

LAST UPDATE DATE

2024-11-23T22:30:49.253000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00774, date: 2016-02-03T00:00:00
db: VULHUB, id: VHN-90855, date: 2017-04-25T00:00:00
db: JVNDB, id: JVNDB-2016-008456, date: 2017-05-19T00:00:00
db: CNNVD, id: CNNVD-201601-618, date: 2016-01-25T00:00:00
db: NVD, id: CVE-2016-2036, date: 2024-11-21T02:47:39.497

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00774, date: 2016-02-03T00:00:00
db: VULHUB, id: VHN-90855, date: 2017-04-13T00:00:00
db: JVNDB, id: JVNDB-2016-008456, date: 2017-05-19T00:00:00
db: CNNVD, id: CNNVD-201601-618, date: 2016-01-25T00:00:00
db: NVD, id: CVE-2016-2036, date: 2017-04-13T16:59:01.003