Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-8899
HistoryMay 06, 2020 - 5:15 p.m.

CVE-2020-8899

2020-05-0617:15:14
CWE-787
CWE-122
[email protected]
web.nvd.nist.gov
103
4
cve-2020-8899
samsung
android
buffer overflow
rce
sve-2020-16747
vulnerability
nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

9.7 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung’s Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

Affected configurations

Vulners
NVD
Node
samsungandroidRange9.0
OR
samsungandroidRange10.0
OR
samsungandroidRange8.0
VendorProductVersionCPE
samsungandroid*cpe:2.3:o:samsung:android:*:*:*:*:*:*:*:*
samsungandroid*cpe:2.3:o:samsung:android:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Android OS",
    "vendor": "Samsung",
    "versions": [
      {
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

attackerkb 1
nvd 1
cert 1
googleprojectzero 2
prion 1
cvelist 1
attackerkb
attackerkb
CVE-2020-8899 Samsung Quarm RCE via MMS
2020-05-06 00:00:00
nvd
nvd
CVE-2020-8899
2020-05-06 17:15:14
cert
cert
Samsung Qmage codec for Android Skia library does not properly validate image files
2020-05-14 00:00:00
googleprojectzero
googleprojectzero
MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface
2020-07-16 00:00:00
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
2020-08-12 00:00:00
prion
prion
Heap overflow
2020-05-06 17:15:00
cvelist
cvelist
CVE-2020-8899 Memory corruption in Quram library when decoding qmg can lead to RCE
2020-05-06 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

9.7 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for CVE-2020-8899
attackerkb1nvd1cert1googleprojectzero2prion1cvelist1