nvd-json-data-feeds/CVE-2021/CVE-2021-05xx/CVE-2021-0515.json

{
  "id": "CVE-2021-0515",
  "sourceIdentifier": "security@android.com",
  "published": "2021-07-14T14:15:08.220",
  "lastModified": "2021-07-16T19:22:04.647",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063"
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n Factory::CreateStrictFunctionMap del archivo factory.cc, se presenta una posible escritura fuera de l\u00edmites debido a una comprobaci\u00f3n incorrecta de l\u00edmites. Esto podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota en un proceso no privilegiado, sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-9 Android-10 Android-11 Android-8.1, ID de Android: A-167389063"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://source.android.com/security/bulletin/2021-07-01",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}