exploitDog

GHSA-gqj2-c849-5g2w

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

Ссылки

EPSS

Процентиль: 78%

0.01095

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-118

Связанные уязвимости

CVE-2015-2004

CVSS3: 9.8

nvd

почти 8 лет назад

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

EPSS

Процентиль: 78%

0.01095

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-118