CVE Vulnerabilities

CVE-2017-13274

Origin Validation Error

Published: Apr 04, 2018 | Modified: May 09, 2018
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name Vendor Start Version End Version
Android Google 7.1.2 7.1.2
Android Google 6.0.1 6.0.1
Android Google 6.0 6.0
Android Google 7.0 7.0
Android Google 8.0 8.0
Android Google 7.1.1 7.1.1
Android Google 8.1 8.1

References