CVE Vulnerabilities

CVE-2020-12717

Published: May 14, 2020 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

Affected Software

Name Vendor Start Version End Version
Abtracetogether Alberta - (including) - (including)
Protego_safe Gov - (including) - (including)
Covidsafe Health 1.0 (including) 1.0 (including)
Covidsafe Health 1.1 (including) 1.1 (including)
Tracetogether Tracetogether - (including) - (including)

References