CVE-2021-0510 — Integer Overflow or Wraparound in Google Android

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks AV Platform Hardware Interfaces Google Android

Timeline

PublishedJun 21

Latest updateMay 24

Description

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/androidAndroid-9 Android-10 Android-11 Android-8.1

▶NVDgoogle/android4 versions+3

▶Androidplatform/frameworks_av9:0 — 9:2021-06-01+2

▶Androidplatform/hardware_interfaces8.1:0 — 8.1:2021-06-01+3

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-jxff-g9w9-cmhx: In decrypt_1_2 of CryptoPlugin↗2022-05-24

▶

CVEList

CVE-2021-0510: In decrypt_1_2 of CryptoPlugin↗2021-06-21

▶

OSV

CVE-2021-0510: In decrypt_1_2 of CryptoPlugin↗2021-06-01

▶

📋Vendor Advisories

Android

CVE-2021-0510: Android Security Bulletin 2021-06-01 CVE: CVE-2021-0510 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2021-06-01

▶