CVE-2017-13257

Опубликовано: 04 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.

Ссылки

http://www.securityfocus.com/bid/103253
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-03-01
Vendor Advisory
http://www.securityfocus.com/bid/103253
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-03-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00211

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-mg6x-hxxw-4x59