6.5

CVE-2016-3882

Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.351
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 6.1 6.5 6.9
AV:A/AC:L/Au:N/C:N/I:N/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://source.android.com/security/bulletin/2016-10-01.html
Vendor Advisory
http://www.securityfocus.com/bid/93295
https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630
Patch
Issue Tracking