9.3

CVE-2017-0812

An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version7.0
GoogleAndroid Version7.1.0
GoogleAndroid Version7.1.1
GoogleAndroid Version7.1.2
GoogleAndroid Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.389
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://source.android.com/security/bulletin/2017-10-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101088
Third Party Advisory
VDB Entry
https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f
Patch
Vendor Advisory
Issue Tracking