CVE-2021-0396
Published 2021-03-10
Priority P258 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.93% (77.5th percentile)
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.1 Android-9 Android-10 Android-11
Android ID: A-160610106
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| isc | bind9 | >= 0 < 1:9.11.3+dfsg-1ubuntu1.17 | 1:9.11.3+dfsg-1ubuntu1.17 |
| isc | bind9 | >= 0 < 1:9.16.1-0ubuntu2.10 | 1:9.16.1-0ubuntu2.10 |
| platform | external_v8 | >= 10:0 < 10:2021-03-01 | 10:2021-03-01 |
| platform | external_v8 | >= 11:0 < 11:2021-03-01 | 11:2021-03-01 |
| platform | external_v8 | >= 8.1:0 < 8.1:2021-03-01 | 8.1:2021-03-01 |
| platform | external_v8 | >= 9:0 < 9:2021-03-01 | 9:2021-03-01 |
Detection & IOCs (extracted from sources)
- Vulnerability exists in Builtins::Generate_ArgumentsAdaptorTrampoline within builtins-arm.cc and related architecture-specific files; monitor for exploitation attempts targeting this function via JavaScript engine abuse in Android WebView or V8-based components
- Affected Android versions are 8.1, 9, 10, and 11; prioritize detection and patching on unpatched devices running these versions, particularly those exposed to untrusted content (e.g., browsers, app sandboxes)
- Classified as Remote Code Execution (RCE) with HIGH severity requiring no user interaction and no additional privileges; treat any anomalous unprivileged process crashes or memory corruption signals on affected Android versions as potential exploitation indicators
- No public proof-of-concept exploit code, hashes, domains, IPs, or network indicators were referenced in the available sources; IOC-based detection is not possible from current documentation alone
- The Android Security Bulletin reference A-160610106 is an internal Android bug tracker ID; full technical details and patch diffs may be available via AOSP Gerrit but were not included in the provided sources, limiting actionable IOC extraction
CVSS provenance
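| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |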
GHSA
GHSA-ggj5-j4hh-6cgh: In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm
ghsa_unreviewed · 2022-05-24
CVE-2021-0396 [CRITICAL] CWE-787 GHSA-ggj5-j4hh-6cgh: In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.1 Android-9 Android-10 Android-11
Android ID: A-160610106
OSV
bind9 vulnerabilities
osv·2022-03-17·CVSS 6.8
CVE-2021-25220 bind9 vulnerabilities
Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
It was discovered that Bind incorrectly handled certain crafted TCP
streams. A remote attacker could possibly use this issue to cause Bind to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 21.10. (CVE-2022-0396)
OSV
CVE-2021-0396: In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm
osv · 2021-03-01
CVE-2021-0396: In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
CISA ICS
Siemens SIMATIC
cisa_ics·2024-03-14
Siemens SIMATIC
ICS Advisory
## Siemens SIMATIC
Release Date: March 14, 2024
Alert Code: ICSA-24-074-07
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Beha
Android
CVE-2021-0396: Android Security Bulletin 2021-03-01
CVE: CVE-2021-0396
Severity: HIGH
Type: RCE
Affected AOSP versions: 8
vendor_android·2021-03-01·CVSS 9.8
CVE-2021-0396 [CRITICAL] CVE-2021-0396: Android Security Bulletin 2021-03-01
Android Security Bulletin 2021-03-01
CVE: CVE-2021-0396
Severity: HIGH
Type: RCE
Affected AOSP versions: 8.1, 9, 10, 11
References: A-160610106
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-03-10