How severe is CVE-2019-6740?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2019-6740?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2019-6740

CRITICAL Year: 2019

CVSS v3 Score

9.6

Critical

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-122

View all →

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472.

CVE-2024-28231

CRITICAL

CVSS:9.6(Critical)

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submes...

CWE-1222024

CVE-2024-6246

CRITICAL

CVSS:9.6(Critical)

Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation...

CWE-1222024

CVE-2014-9187

CRITICAL

CVSS:9.8(Critical)

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could le...

CWE-1222014

CVE-2016-8622

CRITICAL

CVSS:9.8(Critical)

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2...

CWE-1222016

CVE-2017-7555

CRITICAL

CVSS:9.8(Critical)

Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application...

CWE-1222017

CVE-2017-9636

CRITICAL

CVSS:9.8(Critical)

Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial ...

CWE-1222017

CVE-2019-6740

Vulnerability Description

Related Vulnerabilities

CVE-2024-28231

CVE-2024-6246

CVE-2014-9187

CVE-2016-8622

CVE-2017-7555

CVE-2017-9636