In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-04-01 | Vendor Advisory |
https://source.android.com/security/bulletin/2018-04-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://source.android.com/security/bulletin/2018-04-01 - Vendor Advisory |
Information
Published : 2018-04-04 16:29
Updated : 2024-11-21 03:11
NVD link : CVE-2017-13287
Mitre link : CVE-2017-13287
CVE.ORG link : CVE-2017-13287
JSON object : View
Products Affected
- android
CWE
CWE-20
Improper Input Validation