CVE-2020-12717

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:alberta:abtracetogether:-:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gov:protego_safe:-:*:*:*:*:iphone_os:*:*
cpe:2.3:a:health:covidsafe:1.0:*:*:*:*:iphone_os:*:*
cpe:2.3:a:health:covidsafe:1.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:tracetogether:tracetogether:-:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 05:00

Type Values Removed Values Added
References () https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708 - () https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708 -

07 Nov 2023, 03:15

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708', 'name': 'https://medium.com/@wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708 -

Information

Published : 2020-05-14 05:15

Updated : 2024-11-21 05:00


NVD link : CVE-2020-12717

Mitre link : CVE-2020-12717

CVE.ORG link : CVE-2020-12717


JSON object : View

Products Affected

tracetogether

  • tracetogether

gov

  • protego_safe

alberta

  • abtracetogether

health

  • covidsafe