NVD

Id
19632  
Name
CVE-2016-3890  
Description
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-09-11  
Modified Date
2016-11-28  
Seq
2016-3890  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
107695 19632 CVE-2016-3890 http://source.android.com/security/bulletin/2016-09-01.html  View
107696 19632 CVE-2016-3890 92851  View
107697 19632 CVE-2016-3890 https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d  View
107698 19632 CVE-2016-3890 https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3898 JVNDB-2016-004671 Android の adb/sockets.cpp の Java Debug Wire Protocol の実装における権限を取得される脆弱性 Android の adb/sockets.cpp の Java Debug Wire Protocol (JDWP) の実装は、ソケットのクローズ操作を誤って処理するため、権限を取得される脆弱性が存在します。 CVE-2016-3890 90396 CVE-2016-3890 19632 7.6 7 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004671.html 2016-09-06 2016-09-14 View