var-201704-0400
Vulnerability from variot
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036. Vendors have confirmed this vulnerability SVE-2016-5036 It is released as.By the attacker, "GET HTTP/1.1" Via request NULL Pointer dereference may be triggered. SamsungNote3 and GalaxyS6 are both smartphones released by South Korea's Samsung. There are security vulnerabilities in SamsungNote3 and GalaxyS6. There are security flaws in the Samsung Note 3 and Galaxy S6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0400",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s6",
"scope": "eq",
"trust": 2.4,
"vendor": "samsung",
"version": "g920fxxu2coh2"
},
{
"model": "galaxy note 3",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": "n9005xxugbob6"
},
{
"model": "note 3",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "n9005xxugbob6"
},
{
"model": "galaxy s6",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "note",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": "3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2036"
}
]
},
"cve": "CVE-2016-2036",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-2036",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00774",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-90855",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-2036",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2036",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-00774",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-618",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-90855",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a \"GET HTTP/1.1\" request, aka SVE-2016-5036. Vendors have confirmed this vulnerability SVE-2016-5036 It is released as.By the attacker, \"GET HTTP/1.1\" Via request NULL Pointer dereference may be triggered. SamsungNote3 and GalaxyS6 are both smartphones released by South Korea\u0027s Samsung. There are security vulnerabilities in SamsungNote3 and GalaxyS6. There are security flaws in the Samsung Note 3 and Galaxy S6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2036",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00774",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90855",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"id": "VAR-201704-0400",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
}
],
"trust": 1.2331654466666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
}
]
},
"last_update_date": "2023-12-18T13:08:53.348000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SVE-2016-5036: SecNetfilter Security Patch",
"trust": 0.8,
"url": "http://security.samsungmobile.com/smrupdate.html#smr-feb-2016"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90855"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001"
},
{
"trust": 1.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2036"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"db": "VULHUB",
"id": "VHN-90855"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-90855"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"date": "2017-04-13T16:59:01.003000",
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"date": "2016-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00774"
},
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-90855"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008456"
},
{
"date": "2017-04-25T15:32:25.280000",
"db": "NVD",
"id": "CVE-2016-2036"
},
{
"date": "2016-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SM-N9005 and SM-G920F Run on device Android for Samsung In the kernel NULL Vulnerability that triggers pointer dereference",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008456"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-618"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.