The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-14T04:36:11
Updated: 2020-05-14T04:36:11
Reserved: 2020-05-07T00:00:00
Link: CVE-2020-12717
JSON object: View
NVD Information
Status : Modified
Published: 2020-05-14T05:15:10.987
Modified: 2023-11-07T03:15:43.790
Link: CVE-2020-12717
JSON object: View
Redhat Information
No data.
CWE