CVE Vulnerabilities

CVE-2020-15165

Embedded Malicious Code

Published: Aug 28, 2020 | Modified: Nov 21, 2024
CVSS 3.x
9.1
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.

Weakness 

The product contains code that appears to be malicious in nature.

Affected Software 

Name Vendor Start Version End Version
Chameleon_mini_live_debugger Chameleon_mini_live_debugger_project 1.1.6 (including) 1.1.6 (including)

Potential Mitigations 

References