CVE-2015-6783

2015-12-0601:59:20

CWE-20

Chrome

web.nvd.nist.gov

cve-2015-6783

crazy linker

android 5.x

android 6.x

google chrome

zip file

signature validation

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.

Affected configurations

Nvd

Node

googleandroidMatch5.0

googleandroidMatch6.0

AND

googlechromeRange≤46.0.2490.86

VendorProductVersionCPE
googleandroid5.0cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
googleandroid6.0cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	5.0	cpe:2.3:o:google:android:5.0:::::::*
google	android	6.0	cpe:2.3:o:google:android:6.0:::::::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::