diff --git a/2017/13xxx/CVE-2017-13248.json b/2017/13xxx/CVE-2017-13248.json index 6e46d969df7..0eb336ef9b8 100644 --- a/2017/13xxx/CVE-2017-13248.json +++ b/2017/13xxx/CVE-2017-13248.json @@ -1,8 +1,50 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13248", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +53,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13249.json b/2017/13xxx/CVE-2017-13249.json index 91378616b2b..f8c19011e57 100644 --- a/2017/13xxx/CVE-2017-13249.json +++ b/2017/13xxx/CVE-2017-13249.json @@ -1,8 +1,50 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13249", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +53,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13250.json b/2017/13xxx/CVE-2017-13250.json index 76bdf265524..4aa7bf0b4e2 100644 --- a/2017/13xxx/CVE-2017-13250.json +++ b/2017/13xxx/CVE-2017-13250.json @@ -1,8 +1,50 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13250", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +53,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13251.json b/2017/13xxx/CVE-2017-13251.json index 89e1c71e2aa..1ce1a4ffd73 100644 --- a/2017/13xxx/CVE-2017-13251.json +++ b/2017/13xxx/CVE-2017-13251.json @@ -1,8 +1,50 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13251", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +53,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13252.json b/2017/13xxx/CVE-2017-13252.json index 28eb913df02..b849d6c9b53 100644 --- a/2017/13xxx/CVE-2017-13252.json +++ b/2017/13xxx/CVE-2017-13252.json @@ -1,8 +1,35 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13252", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +38,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13253.json b/2017/13xxx/CVE-2017-13253.json index bfb37d724d4..8643feea9ed 100644 --- a/2017/13xxx/CVE-2017-13253.json +++ b/2017/13xxx/CVE-2017-13253.json @@ -1,8 +1,35 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13253", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +38,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13255.json b/2017/13xxx/CVE-2017-13255.json index 31b673692ad..5c30f86b407 100644 --- a/2017/13xxx/CVE-2017-13255.json +++ b/2017/13xxx/CVE-2017-13255.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13255", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13256.json b/2017/13xxx/CVE-2017-13256.json index f4d11711212..986096e9b9b 100644 --- a/2017/13xxx/CVE-2017-13256.json +++ b/2017/13xxx/CVE-2017-13256.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13256", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13257.json b/2017/13xxx/CVE-2017-13257.json index 75d4ab60a81..4370aa5f28c 100644 --- a/2017/13xxx/CVE-2017-13257.json +++ b/2017/13xxx/CVE-2017-13257.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13257", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13258.json b/2017/13xxx/CVE-2017-13258.json index f2014996465..a63d3ae1799 100644 --- a/2017/13xxx/CVE-2017-13258.json +++ b/2017/13xxx/CVE-2017-13258.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13258", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13259.json b/2017/13xxx/CVE-2017-13259.json index 0690515bfd0..a373b0d8282 100644 --- a/2017/13xxx/CVE-2017-13259.json +++ b/2017/13xxx/CVE-2017-13259.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13259", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13260.json b/2017/13xxx/CVE-2017-13260.json index 9d8dfcbb347..37c03c67d5e 100644 --- a/2017/13xxx/CVE-2017-13260.json +++ b/2017/13xxx/CVE-2017-13260.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13260", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13261.json b/2017/13xxx/CVE-2017-13261.json index 0c2c54e3d35..fae3a2170f8 100644 --- a/2017/13xxx/CVE-2017-13261.json +++ b/2017/13xxx/CVE-2017-13261.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13261", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13262.json b/2017/13xxx/CVE-2017-13262.json index a6c8110bee5..f4fd1c5d3aa 100644 --- a/2017/13xxx/CVE-2017-13262.json +++ b/2017/13xxx/CVE-2017-13262.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13262", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13266.json b/2017/13xxx/CVE-2017-13266.json index 9179a428e53..8f67de04b81 100644 --- a/2017/13xxx/CVE-2017-13266.json +++ b/2017/13xxx/CVE-2017-13266.json @@ -1,8 +1,53 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13266", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.1.1" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +56,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] } diff --git a/2017/13xxx/CVE-2017-13272.json b/2017/13xxx/CVE-2017-13272.json index 0b54be4f00a..66aa75c15b8 100644 --- a/2017/13xxx/CVE-2017-13272.json +++ b/2017/13xxx/CVE-2017-13272.json @@ -1,8 +1,44 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", + "DATE_PUBLIC" : "2018-03-05T00:00:00", "ID" : "CVE-2017-13272", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "7.1.1" + }, + { + "version_value" : "7.1.2" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +47,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-03-01" } ] }