Sign-up

ID

VAR-201803-0094


CVE

CVE-2015-2004


TITLE

Android for GraceNote GNSDK Vulnerabilities related to range errors

Trust: 0.8

sources: JVNDB: JVNDB-2015-008174

DESCRIPTION

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. Android for GraceNote GNSDK Contains a range error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GraceNote GNSDK SDK for Android is a software development kit for building music applications based on the Android platform. It can identify CDs, digital music files, and streaming audio. There are security vulnerabilities in GraceNote GNSDK SDK based on Android platform before version 1.1.7

Trust: 2.25

sources: NVD: CVE-2015-2004 // JVNDB: JVNDB-2015-008174 // CNVD: CNVD-2018-08095 // VULMON: CVE-2015-2004

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08095

AFFECTED PRODUCTS

vendor:gracenotemodel:gnsdkscope:ltversion:1.1.7

Trust: 1.0

vendor:gracenotemodel:gnsdkscope:ltversion:svn changeset 1.1.7

Trust: 0.8

vendor:gracenotemodel:gnsdk sdk for android <svn changesetscope:eqversion:1.1.7

Trust: 0.6

sources: CNVD: CNVD-2018-08095 // JVNDB: JVNDB-2015-008174 // NVD: CVE-2015-2004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2004
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-2004
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-08095
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1121
value: HIGH

Trust: 0.6

VULMON: CVE-2015-2004
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2004
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08095
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-2004
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08095 // VULMON: CVE-2015-2004 // JVNDB: JVNDB-2015-008174 // CNNVD: CNNVD-201803-1121 // NVD: CVE-2015-2004

PROBLEMTYPE DATA

problemtype:CWE-118

Trust: 1.8

sources: JVNDB: JVNDB-2015-008174 // NVD: CVE-2015-2004

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201803-1121

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008174

PATCH
title:Top Pageurl:http://www.gracenote.com/
Trust: 0.8
title:Patch for GraceNote GNSDK SDK for Android Arbitrary Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/126765
Trust: 0.6
title:GraceNote GNSDK SDK for Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82874
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08095 // 
            
            
            
            JVNDB: JVNDB-2015-008174 // 
            
            
            
            CNNVD: CNNVD-201803-1121

EXTERNAL IDS
db:NVDid:CVE-2015-2004
Trust: 3.1
db:JVNDBid:JVNDB-2015-008174
Trust: 0.8
db:CNVDid:CNVD-2018-08095
Trust: 0.6
db:CNNVDid:CNNVD-201803-1121
Trust: 0.6
db:VULMONid:CVE-2015-2004
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08095 // 
            
            
            
            VULMON: CVE-2015-2004 // 
            
            
            
            JVNDB: JVNDB-2015-008174 // 
            
            
            
            CNNVD: CNNVD-201803-1121 // 
            
            
            
            NVD: CVE-2015-2004

REFERENCES
url:https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf
Trust: 2.5
url:https://alephsecurity.com/vulns/aleph-2015005
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2004
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-2004
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/118.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08095 // 
            
            
            
            VULMON: CVE-2015-2004 // 
            
            
            
            JVNDB: JVNDB-2015-008174 // 
            
            
            
            CNNVD: CNNVD-201803-1121 // 
            
            
            
            NVD: CVE-2015-2004

SOURCES
db:CNVDid:CNVD-2018-08095
db:VULMONid:CVE-2015-2004
db:JVNDBid:JVNDB-2015-008174
db:CNNVDid:CNNVD-201803-1121
db:NVDid:CVE-2015-2004

LAST UPDATE DATE
2024-11-23T22:26:27.607000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08095date:2018-04-23T00:00:00
db:VULMONid:CVE-2015-2004date:2018-04-23T00:00:00
db:JVNDBid:JVNDB-2015-008174date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-1121date:2020-07-23T00:00:00
db:NVDid:CVE-2015-2004date:2024-11-21T02:26:34.807

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08095date:2018-04-23T00:00:00
db:VULMONid:CVE-2015-2004date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2015-008174date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-1121date:2018-03-30T00:00:00
db:NVDid:CVE-2015-2004date:2018-03-29T18:29:00.903