Sign-up

ID

VAR-201803-1878


CVE

CVE-2018-9143


TITLE

Samsung Buffer error vulnerability in mobile device software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003407

DESCRIPTION

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. Samsung Mobile device software contains a buffer error vulnerability. Vendors have confirmed this vulnerability SVE-2017-10991 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsungmobiledevices and so on are all released by South Korea's Samsung (Samsung) company's smart mobile devices. Both AndroidM and N are Linux-based versions of the open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). Sensorhubbinderservice is one of the processing services for sensors and hubs. An attacker could exploit the vulnerability to execute code

Trust: 2.25

sources: NVD: CVE-2018-9143 // JVNDB: JVNDB-2018-003407 // CNVD: CNVD-2018-08471 // VULMON: CVE-2018-9143

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08471

AFFECTED PRODUCTS

vendor:samsungmodel:mobilescope:eqversion:6.0

Trust: 2.4

vendor:samsungmodel:mobilescope:eqversion:7.1.2

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.0

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.1.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.x

Trust: 0.8

vendor:samsungmodel:mobile devices mscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices nscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-08471 // JVNDB: JVNDB-2018-003407 // CNNVD: CNNVD-201804-059 // NVD: CVE-2018-9143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9143
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9143
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-08471
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201804-059
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-9143
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9143
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08471
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-9143
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08471 // VULMON: CVE-2018-9143 // JVNDB: JVNDB-2018-003407 // CNNVD: CNNVD-201804-059 // NVD: CVE-2018-9143

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-003407 // NVD: CVE-2018-9143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-059

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201804-059

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003407

PATCH
title:Android Security Updatesurl:https://security.samsungmobile.com/securityUpdate.smsb
Trust: 0.8
title:Samsung mobile device sensorhubbinder service buffer error vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/127497
Trust: 0.6
title:Samsung Mobile devices sensorhub binder Repair of service buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82926
Trust: 0.6
title:bindump4jurl:https://github.com/flankerhqd/bindump4j 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08471 // 
            
            
            
            VULMON: CVE-2018-9143 // 
            
            
            
            JVNDB: JVNDB-2018-003407 // 
            
            
            
            CNNVD: CNNVD-201804-059

EXTERNAL IDS
db:NVDid:CVE-2018-9143
Trust: 3.1
db:JVNDBid:JVNDB-2018-003407
Trust: 0.8
db:CNVDid:CNVD-2018-08471
Trust: 0.6
db:CNNVDid:CNNVD-201804-059
Trust: 0.6
db:VULMONid:CVE-2018-9143
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08471 // 
            
            
            
            VULMON: CVE-2018-9143 // 
            
            
            
            JVNDB: JVNDB-2018-003407 // 
            
            
            
            CNNVD: CNNVD-201804-059 // 
            
            
            
            NVD: CVE-2018-9143

REFERENCES
url:https://security.samsungmobile.com/securityupdate.smsb
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9143
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9143
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://github.com/flankerhqd/bindump4j
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08471 // 
            
            
            
            VULMON: CVE-2018-9143 // 
            
            
            
            JVNDB: JVNDB-2018-003407 // 
            
            
            
            CNNVD: CNNVD-201804-059 // 
            
            
            
            NVD: CVE-2018-9143

SOURCES
db:CNVDid:CNVD-2018-08471
db:VULMONid:CVE-2018-9143
db:JVNDBid:JVNDB-2018-003407
db:CNNVDid:CNNVD-201804-059
db:NVDid:CVE-2018-9143

LAST UPDATE DATE
2024-11-23T22:59:04.932000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08471date:2018-04-26T00:00:00
db:VULMONid:CVE-2018-9143date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-003407date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201804-059date:2020-08-25T00:00:00
db:NVDid:CVE-2018-9143date:2024-11-21T04:15:03.970

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08471date:2018-04-26T00:00:00
db:VULMONid:CVE-2018-9143date:2018-03-30T00:00:00
db:JVNDBid:JVNDB-2018-003407date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201804-059date:2018-04-02T00:00:00
db:NVDid:CVE-2018-9143date:2018-03-30T08:29:00.853