CVE-2017-13259

2018-03-0500:00:00

google_android

www.cve.org

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.

CNA Affected

[
  {
    "product": "Android",
    "vendor": "Google Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.1.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.0.1"
      },
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1.1"
      },
      {
        "status": "affected",
        "version": "7.1.2"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  }
]