Severity
5.5 MEDIUM
EPSS
0.1%
top 64.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 9
Latest update: May 17

Description

Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will wri

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 1 package

NVD: samsung/samsung_mobile, 4 versions +3

Vulnerability Details (2)

GHSA
GHSA-gwv4-rqw3-4w2c: Installing a zero-permission Android application on certain Samsung Android devices with KK(4
2022-05-17

CVEList
CVE-2017-5217: Installing a zero-permission Android application on certain Samsung Android devices with KK(4
2017-01-09
CVE-2017-5217 (MEDIUM CVSS 5.5) | Installing a zero-permission Androi | cvebase.io