Lucene search

[email protected]CVE-2015-1528

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-1528

2015-10-0100:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-1528

android

integer overflow

denial of service

memory corruption

7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application’s privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254

android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14

groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ

www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf

7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2015-1528

prion1 ubuntucve1 androidsecurity1