Details of VAR-201903-1002

ID

VAR-201903-1002

CVE

CVE-2018-14745

TITLE

Samsung Galaxy S6 Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015148 // CNNVD: CNNVD-201903-714

DESCRIPTION

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. Samsung Galaxy S6 Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Samsung ID: SVE-2018-12029 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung Galaxy S6 is a smart phone of South Korea's Samsung (Samsung) company. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not verified correctly, resulting in execution to other associated memory locations. erroneous read and write operations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2018-14745 // JVNDB: JVNDB-2018-015148 // VULHUB: VHN-124935 // VULMON: CVE-2018-14745

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy s6	scope:	eq	version:	g920fxxu5eqh7	Trust: 1.0
vendor:	samsung	model:	galaxy s6	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015148 // NVD: CVE-2018-14745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14745
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14745
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-714
value:	HIGH
Trust: 0.6
VULHUB:	VHN-124935
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-14745
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14745
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-124935
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14745
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-124935 // VULMON: CVE-2018-14745 // JVNDB: JVNDB-2018-015148 // CNNVD: CNNVD-201903-714 // NVD: CVE-2018-14745

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-124935 // JVNDB: JVNDB-2018-015148 // NVD: CVE-2018-14745

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-714

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-714

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015148

PATCH

title:	SVE-2018-12029: Buffer out of bounds write in WiFi Chip	url:	https://security.samsungmobile.com/securityUpdate.smsb	Trust: 0.8
title:	Samsung Galaxy S6 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90261	Trust: 0.6

sources: JVNDB: JVNDB-2018-015148 // CNNVD: CNNVD-201903-714

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14745	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-015148	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-714	Trust: 0.7
db:	VULHUB	id:	VHN-124935	Trust: 0.1
db:	VULMON	id:	CVE-2018-14745	Trust: 0.1

sources: VULHUB: VHN-124935 // VULMON: CVE-2018-14745 // JVNDB: JVNDB-2018-015148 // CNNVD: CNNVD-201903-714 // NVD: CVE-2018-14745

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb	Trust: 1.8
url:	https://github.com/securesystemslab/periscope/blob/master/bugs-found/cve-2018-14745.md	Trust: 1.8
url:	https://pastebin.com/tmfrecnz	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14745	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14745	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-124935 // VULMON: CVE-2018-14745 // JVNDB: JVNDB-2018-015148 // CNNVD: CNNVD-201903-714 // NVD: CVE-2018-14745

SOURCES

db:	VULHUB	id:	VHN-124935
db:	VULMON	id:	CVE-2018-14745
db:	JVNDB	id:	JVNDB-2018-015148
db:	CNNVD	id:	CNNVD-201903-714
db:	NVD	id:	CVE-2018-14745

LAST UPDATE DATE

2024-11-23T22:45:05.519000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-124935	date:	2019-04-01T00:00:00
db:	VULMON	id:	CVE-2018-14745	date:	2019-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-015148	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-714	date:	2019-04-09T00:00:00
db:	NVD	id:	CVE-2018-14745	date:	2024-11-21T03:49:43.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-124935	date:	2019-03-21T00:00:00
db:	VULMON	id:	CVE-2018-14745	date:	2019-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-015148	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-714	date:	2019-03-21T00:00:00
db:	NVD	id:	CVE-2018-14745	date:	2019-03-21T16:00:20.890