CVE-2016-2036

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 76.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Galaxy Note 3 FirmwareSamsung Galaxy S6 Firmware
Timeline
PublishedApr 13
Latest updateMay 17

Description

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/galaxy_s6_firmwareg920fxxu2coh2

🔴Vulnerability Details

2
GHSA
GHSA-3xp5-x55c-8fj2: The getURL function in drivers/secfilter/urlparser2022-05-17
CVEList
CVE-2016-2036: The getURL function in drivers/secfilter/urlparser2017-04-13

💬Community

1
Bugzilla
CVE-2016-4437 shiro: Security constraint bypass2016-06-07
CVE-2016-2036 (MEDIUM CVSS 5.5) | The getURL function in drivers/secf | cvebase.io