mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
173 lines
5.8 KiB
JSON
173 lines
5.8 KiB
JSON
{
|
|
"id": "CVE-2017-0382",
|
|
"sourceIdentifier": "security@android.com",
|
|
"published": "2017-01-12T20:59:02.000",
|
|
"lastModified": "2024-11-21T03:02:52.557",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la librer\u00eda Framesequence podr\u00eda permitir a un atacante utilizar un archivo especialmente manipulado para ejecutar un c\u00f3digo arbitrario en el contexto de un proceso no privilegiado. Este problema est\u00e1 clasificado como High debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en una aplicaci\u00f3n que usa la librer\u00eda Framesequence. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 6.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/95247",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://source.android.com/security/bulletin/2017-01-01.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/95247",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://source.android.com/security/bulletin/2017-01-01.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |