NVD

Id
17206  
Name
CVE-2016-0849  
Description
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-04-17  
Modified Date
2016-04-20  
Seq
2016-0849  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
95655 17206 CVE-2016-0849 http://source.android.com/security/bulletin/2016-04-02.html  View
95656 17206 CVE-2016-0849 https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1391 JVNDB-2016-002164 Android の Recovery Procedure の minzip/SysUtil.c における整数オーバーフローの脆弱性 Android の Recovery Procedure の minzip/SysUtil.c には、整数オーバーフローの脆弱性が存在します。 CVE-2016-0849 87053 CVE-2016-0849 17206 7.2 8.4 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002164.html 2016-04-04 2016-04-22 View