CVE-2020-12717

Published: May 14, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

Affected (5)

Products: Alberta: Abtracetogether · Gov: Protego Safe · Health: Covidsafe · +1 more

Show all products

Alberta: Abtracetogether · Gov: Protego Safe · Health: Covidsafe · Tracetogether: Tracetogether

1 product

1 product

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Alberta Abtracetogether	All versions
Gov Protego Safe	All versions
Health Covidsafe	Version 1.0
Health Covidsafe	Version 1.1
Tracetogether Tracetogether	All versions

References (2)

https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708

Source: cve@mitre.org

https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.