7.5

CVE-2016-2497

services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
GoogleAndroid Version4.3.1
GoogleAndroid Version4.4
GoogleAndroid Version4.4.1
GoogleAndroid Version4.4.2
GoogleAndroid Version4.4.3
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.437
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://source.android.com/security/bulletin/2016-08-01.html
Vendor Advisory
http://www.securityfocus.com/bid/92249
https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298
Patch
Issue Tracking