Open ZakKemble opened 5 years ago
I've also found that this issue creates 2 remote denial of service exploits (if the attacker knows the phone number of the device using an A9/A9G):
SMS_ListMessageRequst() is called memory will be leaked for each Unicode SMS, eventually causing a heap overflow and crashing the A9G. (Tested on SDK v2.112 and v2.129)
1. SDK version
{ v2.129 }
2. In what kind of operation do problems appear, and how to reproduce the problem? (Which steps make the problem appear, does it reproduce reliably, and how is it reproduced?)
{
SMS_ListMessageRequst(SMS_STATUS_ALL, SMS_STORAGE_SIM_CARD); does not list Unicode SMSs (containing things like emojis 📞). This makes it rather difficult to delete the message as you have to guess the index number. }