Remote Code Execution Vulnerability in librtp.so Prior to SMR Jul-2024 Release 1
CVE-2024-34593

8.8HIGH

Key Information:

Vendor: librtp.so
Status: Android
Vendor: CVE Published:; 2 July 2024

Summary

A vulnerability exists within Samsung's librtp.so component that stems from improper input validation during the parsing and distribution of RTCP packets. This flaw allows remote attackers to execute arbitrary code with system privileges, but it necessitates user interaction to trigger the exploit. Awareness of this vulnerability is crucial for those utilizing affected products, as it highlights serious security implications that may compromise system integrity.

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2024