CVE-2017-0666Incorrect Calculation in INC Android

CWE-682Incorrect CalculationCWE-276Incorrect Default Permissions7 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 89.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Steveklabnik Request StoreGoogle INC AndroidGoogle Android
Timeline
PublishedJul 6
Latest updateAug 23

Description

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDgoogle/android8 versions+7
CVEListV5google_inc/androidAndroid-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2
RubyGemssteveklabnik/request_store1.3.21.4.0

🔴Vulnerability Details

3
GHSA
request_store has Incorrect Default Permissions2024-08-23
GHSA
GHSA-4xjf-ffmr-pj4g: A elevation of privilege vulnerability in the Android framework2022-05-13
OSV
CVE-2017-0666: A elevation of privilege vulnerability in the Android framework2017-07-06

📋Vendor Advisories

2
Red Hat
RequestStore: Incorrect Default Permissions in request_store 1.3.22024-08-23
Android
CVE-2017-0666: Android Security Bulletin 2017-07-01 CVE: CVE-2017-0666 Severity: HIGH Type: EoP Affected AOSP versions: 42017-07-01

💬Community

1
Bugzilla
CVE-2017-11368 krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure2017-07-21
CVE-2017-0666 — Incorrect Calculation in INC Android | cvebase