9.3

CVE-2017-0381

An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.0.2
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
GoogleAndroid Version5.1.1
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
GoogleAndroid Version7.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.9% 0.551
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://source.android.com/security/bulletin/2017-01-01.html
Vendor Advisory
http://www.securityfocus.com/bid/95248
http://www.securitytracker.com/id/1039427
https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7
Patch
Issue Tracking
https://security.gentoo.org/glsa/201702-21
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144