cbcvebase.
CVE-2021-0326
published 2021-02-10

Priority: P350 high
CVSS 3.1: 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 4.71% (90.7th percentile)
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-10 Android-11 Android-8.1 Android-9
Android ID: A-172937525

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | wpa | < wpa 2:2.9.0-17 (bookworm) | wpa 2:2.9.0-17 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| platform | external_wpa_supplicant_8 | >= 10:0 < 10:2021-02-01 | 10:2021-02-01 |
| platform | external_wpa_supplicant_8 | >= 11:0 < 11:2021-02-01 | 11:2021-02-01 |
| platform | external_wpa_supplicant_8 | >= 8.0:0 < 8.0:2021-02-01 | 8.0:2021-02-01 |
| platform | external_wpa_supplicant_8 | >= 8.1:0 < 8.1:2021-02-01 | 8.1:2021-02-01 |
| platform | external_wpa_supplicant_8 | >= 9:0 < 9:2021-02-01 | 9:2021-02-01 |

CVSS provenance

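| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |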