Sign-up

ID

VAR-201803-0089


CVE

CVE-2015-2020


TITLE

Android For MyScript SDK Vulnerable to unreliable data deserialization

Trust: 0.8

sources: JVNDB: JVNDB-2015-008175

DESCRIPTION

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. Android For MyScript SDK Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyScript SDK for Android is a software development kit for the MyScript handwriting input recognition engine based on the Android platform. There are security vulnerabilities in versions of MyScript SDK based on the Android platform prior to 1.3

Trust: 2.16

sources: NVD: CVE-2015-2020 // JVNDB: JVNDB-2015-008175 // CNVD: CNVD-2018-09639

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09639

AFFECTED PRODUCTS

vendor:myscriptmodel:myscriptscope:ltversion:1.3

Trust: 1.0

vendor:myscriptmodel:sdkscope:ltversion:1.3

Trust: 0.8

vendor:myscriptmodel:sdk for androidscope:ltversion:1.3

Trust: 0.6

sources: CNVD: CNVD-2018-09639 // JVNDB: JVNDB-2015-008175 // NVD: CVE-2015-2020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2020
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-2020
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-09639
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1119
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2015-2020
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09639
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-2020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09639 // JVNDB: JVNDB-2015-008175 // CNNVD: CNNVD-201803-1119 // NVD: CVE-2015-2020

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.8

sources: JVNDB: JVNDB-2015-008175 // NVD: CVE-2015-2020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1119

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-1119

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008175

PATCH
title:Top Pageurl:https://developer.myscript.com/
Trust: 0.8
title:Patch for MyScript SDK for Android deserialization code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/129275
Trust: 0.6
title:MyScript SDK for Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82872
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09639 // 
            
            
            
            JVNDB: JVNDB-2015-008175 // 
            
            
            
            CNNVD: CNNVD-201803-1119

EXTERNAL IDS
db:NVDid:CVE-2015-2020
Trust: 3.0
db:JVNDBid:JVNDB-2015-008175
Trust: 0.8
db:CNVDid:CNVD-2018-09639
Trust: 0.6
db:CNNVDid:CNNVD-201803-1119
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09639 // 
            
            
            
            JVNDB: JVNDB-2015-008175 // 
            
            
            
            CNNVD: CNNVD-201803-1119 // 
            
            
            
            NVD: CVE-2015-2020

REFERENCES
url:https://alephsecurity.com/vulns/aleph-2015006
Trust: 3.0
url:https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2020
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-2020
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-09639 // 
            
            
            
            JVNDB: JVNDB-2015-008175 // 
            
            
            
            CNNVD: CNNVD-201803-1119 // 
            
            
            
            NVD: CVE-2015-2020

SOURCES
db:CNVDid:CNVD-2018-09639
db:JVNDBid:JVNDB-2015-008175
db:CNNVDid:CNNVD-201803-1119
db:NVDid:CVE-2015-2020

LAST UPDATE DATE
2024-11-23T22:22:12.155000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09639date:2018-05-17T00:00:00
db:JVNDBid:JVNDB-2015-008175date:2018-05-29T00:00:00
db:CNNVDid:CNNVD-201803-1119date:2018-03-30T00:00:00
db:NVDid:CVE-2015-2020date:2024-11-21T02:26:36.477

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09639date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2015-008175date:2018-05-29T00:00:00
db:CNNVDid:CNNVD-201803-1119date:2018-03-30T00:00:00
db:NVDid:CVE-2015-2020date:2018-03-29T18:29:01.060