Vulnerabilities > CVE-2016-2036 - NULL Pointer Dereference vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

samsung

CWE-476

NVD

Published: 2017-04-13

Updated: 2017-04-25

Summary

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Galaxy S6 Firmware G920Fxxu2Coh2 Samsung Galaxy Note 3 Firmware N9005Xxugbob6	2
Hardware	Samsung Samsung Galaxy S6 - Samsung Galaxy Note 3 -	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001