CVE-2021-0484 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-0484

Analyzed

More Info Official Page

Source-security@android.com

Published At-11 Jun, 2021 | 17:15

Updated At-15 Jun, 2021 | 19:33

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

>>android>>8.1

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

>>android>>9.0

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

>>android>>10.0

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

>>android>>11.0

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-909	Primary	nvd@nist.gov

CWE ID: CWE-909

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://source.android.com/security/bulletin/2021-05-01	security@android.com	Patch Vendor Advisory

Hyperlink: https://source.android.com/security/bulletin/2021-05-01

Source: security@android.com

Resource:

Patch

Vendor Advisory