Описание
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | ignored | abandoned |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [abandoned]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [abandoned] |
| upstream | needs-triage |
Показывать по
EPSS
8.3 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
Уязвимость операционной системы Android, позволяющая нарушителю обойти механизмы защиты
EPSS
8.3 High
CVSS2
7.8 High
CVSS3