Unrated severityNVD Advisory· Published May 14, 2020· Updated Aug 4, 2024

CVE-2020-12717

Description

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

Affected products

Australia/COVIDSafedescription
Alberta/ABTraceTogetherllm-create
TraceTogether/TraceTogetherllm-fuzzy
COVIDSafe/COVIDSafellm-fuzzy
Range: 1.0, 1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000