nvd-json-data-feeds/CVE-2017/CVE-2017-96xx/CVE-2017-9683.json

{
  "id": "CVE-2017-9683",
  "sourceIdentifier": "product-security@qualcomm.com",
  "published": "2017-10-10T20:29:00.993",
  "lastModified": "2017-10-19T17:23:02.270",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large."
    },
    {
      "lang": "es",
      "value": "En Android for MSM, Firefox OS for MSM, QRD Android con todas las versiones de Android desde CAF usando el kernel de Linux, mientras se flashea una imagen meta, puede ocurrir un desbordamiento de enteros si los valores definidos por el usuario de desplazamiento de imagen y tama\u00f1o son demasiado grandes."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/101117",
      "source": "product-security@qualcomm.com",
      "tags": [
        "VDB Entry",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-10-01",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}