exploitDog

CVE-2021-0956

Опубликовано: 15 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532

Ссылки

https://source.android.com/security/bulletin/2021-12-01
Vendor Advisory
https://source.android.com/security/bulletin/2021-12-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01098

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-jvq6-xpq3-8mch

github

около 4 лет назад

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532

EPSS

Процентиль: 78%

0.01098

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787