5
CVE-2013-6768
- EPSS 0.39%
- Published 31.03.2014 14:58:57
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
Data is provided by the National Vulnerability Database (NVD)
Koushik Dutta ≫ Superuser Version1.0.2.1
Google ≫ Android Version1.0
Google ≫ Android Version1.1
Google ≫ Android Version1.5
Google ≫ Android Version1.6
Google ≫ Android Version2.0
Google ≫ Android Version2.0.1
Google ≫ Android Version2.1
Google ≫ Android Version2.2
Google ≫ Android Version2.2 Updaterev1
Google ≫ Android Version2.2.1
Google ≫ Android Version2.2.2
Google ≫ Android Version2.2.3
Google ≫ Android Version2.3
Google ≫ Android Version2.3 Updaterev1
Google ≫ Android Version2.3.1
Google ≫ Android Version2.3.2
Google ≫ Android Version2.3.3
Google ≫ Android Version2.3.4
Google ≫ Android Version2.3.5
Google ≫ Android Version2.3.6
Google ≫ Android Version2.3.7
Google ≫ Android Version3.0
Google ≫ Android Version3.1
Google ≫ Android Version3.2
Google ≫ Android Version3.2.1
Google ≫ Android Version3.2.2
Google ≫ Android Version3.2.4
Google ≫ Android Version3.2.6
Google ≫ Android Version4.0
Google ≫ Android Version4.0.1
Google ≫ Android Version4.0.2
Google ≫ Android Version4.0.3
Google ≫ Android Version4.0.4
Google ≫ Android Version4.1
Google ≫ Android Version4.1.2
Google ≫ Android Version4.2
Google ≫ Android Version4.2.1
Google ≫ Android Version4.2.2
Google ≫ Android Version1.1
Google ≫ Android Version1.5
Google ≫ Android Version1.6
Google ≫ Android Version2.0
Google ≫ Android Version2.0.1
Google ≫ Android Version2.1
Google ≫ Android Version2.2
Google ≫ Android Version2.2 Updaterev1
Google ≫ Android Version2.2.1
Google ≫ Android Version2.2.2
Google ≫ Android Version2.2.3
Google ≫ Android Version2.3
Google ≫ Android Version2.3 Updaterev1
Google ≫ Android Version2.3.1
Google ≫ Android Version2.3.2
Google ≫ Android Version2.3.3
Google ≫ Android Version2.3.4
Google ≫ Android Version2.3.5
Google ≫ Android Version2.3.6
Google ≫ Android Version2.3.7
Google ≫ Android Version3.0
Google ≫ Android Version3.1
Google ≫ Android Version3.2
Google ≫ Android Version3.2.1
Google ≫ Android Version3.2.2
Google ≫ Android Version3.2.4
Google ≫ Android Version3.2.6
Google ≫ Android Version4.0
Google ≫ Android Version4.0.1
Google ≫ Android Version4.0.2
Google ≫ Android Version4.0.3
Google ≫ Android Version4.0.4
Google ≫ Android Version4.1
Google ≫ Android Version4.1.2
Google ≫ Android Version4.2
Google ≫ Android Version4.2.1
Google ≫ Android Version4.2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.571 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.