Sign-up

ID

VAR-201801-0049


CVE

CVE-2016-5345


TITLE

Android Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008894

DESCRIPTION

Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713. Android Contains a buffer error vulnerability. This vulnerability Android ID: A-32639452 and Qualcomm QC-CR#1079713 It is published asInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GoogleAndroidOne is a smartphone from Google Inc. in the United States. Qualcomm is a device-specific Qualcomm component used by Qualcomm. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges in the context of the kernel. This issue is being tracked as Android ID A-32639452

Trust: 2.52

sources: NVD: CVE-2016-5345 // JVNDB: JVNDB-2016-008894 // CNVD: CNVD-2017-00332 // BID: 95273 // VULMON: CVE-2016-5345

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00332

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.6

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope:eqversion:2017-01-05

Trust: 0.8

sources: CNVD: CNVD-2017-00332 // BID: 95273 // JVNDB: JVNDB-2016-008894 // CNNVD: CNNVD-201701-127 // NVD: CVE-2016-5345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5345
value: HIGH

Trust: 1.0

NVD: CVE-2016-5345
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-00332
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-127
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-5345
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5345
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-00332
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-5345
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00332 // VULMON: CVE-2016-5345 // JVNDB: JVNDB-2016-008894 // CNNVD: CNNVD-201701-127 // NVD: CVE-2016-5345

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-008894 // NVD: CVE-2016-5345

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201701-127

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201701-127

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008894

PATCH
title:Android のセキュリティに関する公開情報 - 2017 年 1 月url:https://source.android.com/security/bulletin/2017-01-01
Trust: 0.8
title:radio-iris: check argument values before copying the dataurl:https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6
Trust: 0.8
title:Patch for GoogleAndroidOneQualcommRadioDriver privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/87809
Trust: 0.6
title:Google Android One Qualcomm radio Fixes for driver permission and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66862
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—January 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e8654f311f23268a7da69416ca7535a2
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00332 // 
            
            
            
            VULMON: CVE-2016-5345 // 
            
            
            
            JVNDB: JVNDB-2016-008894 // 
            
            
            
            CNNVD: CNNVD-201701-127

EXTERNAL IDS
db:NVDid:CVE-2016-5345
Trust: 3.4
db:BIDid:95273
Trust: 2.6
db:JVNDBid:JVNDB-2016-008894
Trust: 0.8
db:CNVDid:CNVD-2017-00332
Trust: 0.6
db:CNNVDid:CNNVD-201701-127
Trust: 0.6
db:VULMONid:CVE-2016-5345
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00332 // 
            
            
            
            VULMON: CVE-2016-5345 // 
            
            
            
            BID: 95273 // 
            
            
            
            JVNDB: JVNDB-2016-008894 // 
            
            
            
            CNNVD: CNNVD-201701-127 // 
            
            
            
            NVD: CVE-2016-5345

REFERENCES
url:http://www.securityfocus.com/bid/95273
Trust: 2.4
url:https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6
Trust: 2.0
url:https://source.android.com/security/bulletin/2017-01-01.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5345
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-5345
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://source.android.com/security/bulletin/2017-01-01.html 
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00332 // 
            
            
            
            VULMON: CVE-2016-5345 // 
            
            
            
            BID: 95273 // 
            
            
            
            JVNDB: JVNDB-2016-008894 // 
            
            
            
            CNNVD: CNNVD-201701-127 // 
            
            
            
            NVD: CVE-2016-5345

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 95273

SOURCES
db:CNVDid:CNVD-2017-00332
db:VULMONid:CVE-2016-5345
db:BIDid:95273
db:JVNDBid:JVNDB-2016-008894
db:CNNVDid:CNNVD-201701-127
db:NVDid:CVE-2016-5345

LAST UPDATE DATE
2024-11-23T22:42:00.319000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00332date:2017-01-11T00:00:00
db:VULMONid:CVE-2016-5345date:2018-02-12T00:00:00
db:BIDid:95273date:2017-01-12T01:09:00
db:JVNDBid:JVNDB-2016-008894date:2018-02-27T00:00:00
db:CNNVDid:CNNVD-201701-127date:2017-01-06T00:00:00
db:NVDid:CVE-2016-5345date:2024-11-21T02:54:08.780

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00332date:2017-01-11T00:00:00
db:VULMONid:CVE-2016-5345date:2018-01-23T00:00:00
db:BIDid:95273date:2017-01-03T00:00:00
db:JVNDBid:JVNDB-2016-008894date:2018-02-27T00:00:00
db:CNNVDid:CNNVD-201701-127date:2017-01-06T00:00:00
db:NVDid:CVE-2016-5345date:2018-01-23T01:29:00.193