5

CVE-2011-0680

EPSS 0.89%
Veröffentlicht 31.01.2011 20:00:51
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version <= 2.2.1

Google ≫ Android Version1.5

Google ≫ Android Version1.6

Google ≫ Android Version2.1

Google ≫ Android Version2.2 Updaterev1

Google ≫ Android Version2.3 Updaterev1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.89%	0.734

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=18d6b7e9d2e538fb3c0264332b96c02abf367267

http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=4d26623ce82230e8e7009adb921c5edea370a9e0

http://code.google.com/p/android/issues/detail?id=9392#c1460

http://code.google.com/p/android/issues/detail?id=9392#c1620

http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug/

http://twitter.com/GalaxySsupport/statuses/28078194607263744

http://www.engadget.com/2011/01/22/nexus-one-gets-tiny-update-to-android-2-2-2-probably-fixes-sms/

http://www.htcphones.net/nexus-one-update-to-android-2-2-2/

http://www.samsunghub.com/2011/01/22/nexus-s-gets-android-2-3-2-fixes-sms-bug/

http://www.securityfocus.com/bid/46105

http://www.theinquirer.net/inquirer/news/1939386/google-updates-nexus-android-222

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/65125

https://nvd.nist.gov/vuln/detail/CVE-2011-0680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0680

EUVD