Описание
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | AOSP Mail not used |
| esm-apps/xenial | not-affected | AOSP Mail not used |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [AOSP Mail not used]] |
| precise | DNE | |
| trusty | not-affected | AOSP Mail not used |
| trusty/esm | DNE | trusty was not-affected [AOSP Mail not used] |
| upstream | released | |
| vivid/stable-phone-overlay | not-affected | AOSP Mail not used |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | AOSP Mail not used |
Показывать по
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.
4.3 Medium
CVSS2
5.5 Medium
CVSS3