Lucene search

SamsungMobileVULNRICHMENT:CVE-2024-20836

HistoryMar 05, 2024 - 4:44 a.m.

CVE-2024-20836

2024-03-0504:44:45

SamsungMobile

github.com

vulnerability

out of bounds

memory

local attack

libsubextractor

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Mar-2024 Release in Android 11, 12, 13, 14"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-20836