5.5

CVE-2021-32694

Exploit

Malicious Android application can crash the Nextcloud Android Client

Malicious Android application can crash the Nextcloud Android Client

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.
Mögliche Gegenmaßnahme
Nextcloud Android Client: None.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudNextcloud SwPlatformandroid Version < 3.15.1
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Nextcloud Android Client
Version < 3.15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.461
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
security-advisories@github.com 4.1 0.5 3.6
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

https://hackerone.com/reports/859136
Third Party Advisory
Exploit
Issue Tracking