CVE-2014-7911 (GCVE-0-2014-7911)

Vulnerability from cvelistv5 – Published: 2014-12-15 17:27 – Updated: 2024-08-06 13:03
VLAI?
Summary
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2"
          },
          {
            "name": "20141119 CVE-2014-7911: Android \u003c5.0 Privilege Escalation using ObjectInputStream",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/51"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-14T06:57:00",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2"
        },
        {
          "name": "20141119 CVE-2014-7911: Android \u003c5.0 Privilege Escalation using ObjectInputStream",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/51"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2014-7911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2",
              "refsource": "CONFIRM",
              "url": "https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2"
            },
            {
              "name": "20141119 CVE-2014-7911: Android \u003c5.0 Privilege Escalation using ObjectInputStream",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/51"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2014-7911",
    "datePublished": "2014-12-15T17:27:00",
    "dateReserved": "2014-10-06T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.4.4\", \"matchCriteriaId\": \"53885773-16E2-4D30-BBA4-43F928098515\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0721FD34-5F94-4828-A8AA-EF70FAB71FC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73CA4D29-321A-41ED-A75A-1EBB14A771C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C354829-6BEB-4C67-972A-60367073753C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"702B40EB-76BC-4686-A46E-D02DBE3A86E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4685EA90-1E01-4FFB-AE31-91FD5D69E2D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A33DBF65-09A6-4149-BABE-2FFFBF10C31D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78B69434-13B2-4A43-AEB0-55E0ED403E54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1755B91-1B6B-4A9E-BB6B-22B399A6DD02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A92E88F-CCED-41D7-AFB7-CE1F9265E546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D13D3A00-27A0-4635-9D50-05CA81950691\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB959DB-AFE7-4667-9662-949ADAB81CE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18669EEC-ABB9-4CE4-8C0E-A88BE08EC368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"61D64B87-F1F1-4E52-86AE-F28E2C43A9A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83AB2497-59DE-4253-A758-A3D03FAEB913\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E197EC0-82DF-49D5-BD1A-7EA22EC0B806\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"286EED24-E011-4009-BC2E-B63CA06072CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E6F4DF-F80F-4A9B-871E-155C0D3DD449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC08431-C70E-4964-B7C0-C9C45F70DCD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A2A79C6-A7BD-46C2-8320-B9652135F3BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6997F035-D2F5-4174-B979-5D42FF69D9AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86BFE05E-9749-43AA-8DB6-E2F13C2E1759\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DAAB25F-26E4-4493-B3DA-F87240633031\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96CD6B49-B9D4-493E-902D-B4EF48260BB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.\"}, {\"lang\": \"es\", \"value\": \"luni/src/main/java/java/io/ObjectInputStream.java en la implementaci\\u00f3n java.io.ObjectInputStream en Android anterior a 5.0.0 no verifica que la deserializaci\\u00f3n resultar\\u00e1 en un objeto que reuni\\u00f3 los requisitos para la serializaci\\u00f3n, lo que permite a atacantes ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un m\\u00e9todo de finalizar para un objeto serializado en un paquete ArrayMap dentor de un intento enviado a system_service, tal y como fue demostrado por el m\\u00e9todo de finalizar de android.os.BinderProxy, tambi\\u00e9n conocido como Bug 15874291.\"}]",
      "id": "CVE-2014-7911",
      "lastModified": "2024-11-21T02:18:15.143",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-15T18:59:15.520",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/51\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/51\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-7911\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2014-12-15T18:59:15.520\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.\"},{\"lang\":\"es\",\"value\":\"luni/src/main/java/java/io/ObjectInputStream.java en la implementaci\u00f3n java.io.ObjectInputStream en Android anterior a 5.0.0 no verifica que la deserializaci\u00f3n resultar\u00e1 en un objeto que reuni\u00f3 los requisitos para la serializaci\u00f3n, lo que permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un m\u00e9todo de finalizar para un objeto serializado en un paquete ArrayMap dentor de un intento enviado a system_service, tal y como fue demostrado por el m\u00e9todo de finalizar de android.os.BinderProxy, tambi\u00e9n conocido como Bug 15874291.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.4.4\",\"matchCriteriaId\":\"53885773-16E2-4D30-BBA4-43F928098515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0721FD34-5F94-4828-A8AA-EF70FAB71FC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CA4D29-321A-41ED-A75A-1EBB14A771C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C354829-6BEB-4C67-972A-60367073753C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702B40EB-76BC-4686-A46E-D02DBE3A86E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4685EA90-1E01-4FFB-AE31-91FD5D69E2D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33DBF65-09A6-4149-BABE-2FFFBF10C31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B69434-13B2-4A43-AEB0-55E0ED403E54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1755B91-1B6B-4A9E-BB6B-22B399A6DD02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A92E88F-CCED-41D7-AFB7-CE1F9265E546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13D3A00-27A0-4635-9D50-05CA81950691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB959DB-AFE7-4667-9662-949ADAB81CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18669EEC-ABB9-4CE4-8C0E-A88BE08EC368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D64B87-F1F1-4E52-86AE-F28E2C43A9A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AB2497-59DE-4253-A758-A3D03FAEB913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E197EC0-82DF-49D5-BD1A-7EA22EC0B806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286EED24-E011-4009-BC2E-B63CA06072CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E6F4DF-F80F-4A9B-871E-155C0D3DD449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC08431-C70E-4964-B7C0-C9C45F70DCD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2A79C6-A7BD-46C2-8320-B9652135F3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6997F035-D2F5-4174-B979-5D42FF69D9AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86BFE05E-9749-43AA-8DB6-E2F13C2E1759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAAB25F-26E4-4493-B3DA-F87240633031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96CD6B49-B9D4-493E-902D-B4EF48260BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/51\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/51\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.