CVE-2014-7951

Опубликовано: 20 фев. 2020

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.

Ссылки

http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/51
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74211
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0
https://www.exploit-db.com/exploits/36813/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/51
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74211
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0
https://www.exploit-db.com/exploits/36813/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01965

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2014-7951

CVSS3: 4.6

ubuntu

почти 6 лет назад

GHSA-hc8g-h86v-jpf8

CVSS3: 4.6

github

больше 3 лет назад

EPSS

Процентиль: 83%

0.01965

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-22