CVE-2016-0807
published 2016-02-07CVE-2016-0807: The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that…
PriorityP336high8.4CVSS 3.0
AVLACLPRNUINSUCHIHAH
EPSS
0.21%
11.9th percentile
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | android-platform-system-core | < android-platform-system-core 1:7.0.0+r1-1 (bullseye) | android-platform-system-core 1:7.0.0+r1-1 (bullseye) |
| android | — | — | |
| android | — | — | |
| android | — | — |
CVSS provenance
nvdv3.08.4HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv8.4HIGH
vendor_debian8.4LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2016-0807: Android Security Bulletin 2016-02-01
CVE: CVE-2016-0807
Severity: CRITICAL
Affected AOSP versions: 6
vendor_android·2016-02-01·CVSS 8.4
CVE-2016-0807 [HIGH] CVE-2016-0807: Android Security Bulletin 2016-02-01
CVE: CVE-2016-0807
Severity: CRITICAL
Affected AOSP versions: 6
Android Security Bulletin 2016-02-01
CVE: CVE-2016-0807
Severity: CRITICAL
Affected AOSP versions: 6.0 and 6.0.1
Debian
CVE-2016-0807: android-platform-system-core - The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 20...
vendor_debian·2016·CVSS 8.4
CVE-2016-0807 [HIGH] CVE-2016-0807: android-platform-system-core - The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 20...
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
Scope: local
bullseye: resolved (fixed in 1:7.0.0+r1-1)
GHSA
GHSA-c6wm-7cfc-hf64: The get_build_id function in elf_utils
ghsa_unreviewed·2022-05-17
CVE-2016-0807 [HIGH] GHSA-c6wm-7cfc-hf64: The get_build_id function in elf_utils
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
OSV
CVE-2016-0807: The get_build_id function in elf_utils
osv·2016-02-07·CVSS 8.4
CVE-2016-0807 [HIGH] CVE-2016-0807: The get_build_id function in elf_utils
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://source.android.com/security/bulletin/2016-02-01.htmlhttps://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120http://source.android.com/security/bulletin/2016-02-01.htmlhttps://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120
2016-02-07
Published