Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10751

CWE-190Integer Overflow5 documents5 sources
Severity
5.3MEDIUM
EPSS
14.4%
top 5.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Samsung Samsung Mobile
Timeline
PublishedMay 29
Latest updateMay 14

Description

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/samsung_mobile5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-p6q3-c5p7-24j9: A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml p2022-05-14
Project0
Adventures in vulnerability reporting - Project Zero2018-08-01
CVEList
CVE-2018-10751: A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml p2018-05-29

💥Exploits & PoCs

1
Exploit-DB
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing2018-05-23
CVE-2018-10751 (MEDIUM CVSS 5.3) | A malformed OMACP WAP push message | cvebase.io