CVE-2020-8899

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-8899
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html Third Party Advisory VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 Exploit Issue Tracking Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory
https://www.kb.cert.org/vuls/id/366027 Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html Third Party Advisory VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 Exploit Issue Tracking Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory
https://www.kb.cert.org/vuls/id/366027 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References () https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 - Exploit, Issue Tracking, Third Party Advisory () https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 - Exploit, Issue Tracking, Third Party Advisory
References () https://security.samsungmobile.com/securityUpdate.smsb - Vendor Advisory () https://security.samsungmobile.com/securityUpdate.smsb - Vendor Advisory
References () https://www.kb.cert.org/vuls/id/366027 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/366027 - Third Party Advisory, US Government Resource
Information

Published : 2020-05-06 17:15

Updated : 2024-11-21 05:39

NVD link : CVE-2020-8899

Mitre link : CVE-2020-8899

CVE.ORG link : CVE-2020-8899

JSON object : View

Products Affected

google

  • android
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write