Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2017-13255

CVE information

Published

5 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Description

In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054..

CVSSv2.0 Score

Severity
High
Base Score
8.3/10
Exploit Score
6.5/10
Access Vector
Adjacent_network
Access Complexity
Low
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
High
Base Score
8.8/10
Exploit Score
2.8/10
Access Vector
Adjacent_network
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  Yes
- -