CVE-2017-13309 — Sensitive Information Exposure in Google Android

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedNov 15

Description

In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/android8.1

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-r764-fgc6-fqw3: In readEncryptedData of ConscryptEngine↗2024-11-15

▶

📋Vendor Advisories

Android

CVE-2017-13309: Android Security Bulletin 2018-05-01 CVE: CVE-2017-13309 Severity: HIGH Type: ID Affected AOSP versions: 8↗2018-05-01

▶