CVE-2017-0553Integer Overflow or Wraparound in INC Android

CWE-190Integer Overflow or Wraparound10 documents8 sources
Severity
7.0HIGHNVD
EPSS
0.3%
top 45.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Libnl3Google INC AndroidGoogle Android
Timeline
PublishedApr 7
Latest updateMay 13

Description

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

debiandebian/libnl3< libnl3 3.2.27-2 (bookworm)
NVDgoogle/android11 versions+10
CVEListV5google_inc/android6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-697f-p26c-wf65: An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi2022-05-13
OSV
CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi2017-04-07

📋Vendor Advisories

5
Ubuntu
libnl vulnerability2017-06-19
Ubuntu
libnl vulnerability2017-06-06
Android
CVE-2017-0553: Android Security Bulletin 2017-04-01 CVE: CVE-2017-0553 Severity: MEDIUM Affected AOSP versions: 52017-04-01
Red Hat
libnl: Integer overflow in nlmsg_reserve()2017-02-07
Debian
CVE-2017-0553: libnl3 - An elevation of privilege vulnerability in libnl could enable a local malicious ...2017

💬Community

2
Bugzilla
CVE-2017-0553 libnl3: libnl: Integer overflow in nlmsg_reserve() [fedora-all]2017-04-10
Bugzilla
CVE-2017-0553 libnl: Integer overflow in nlmsg_reserve()2017-04-10