CVE-2021-0601Double Free in Google Android

CWE-415Double FreeCWE-787Out-of-bounds Write5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform External LibavcGoogle Android
Timeline
PublishedJul 14
Latest updateMay 24

Description

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-10 Android-11 Android-8.1 Android-9
NVDgoogle/android4 versions+3
Androidplatform/external_libavc8.1:08.1:2021-07-01+3

🔴Vulnerability Details

3
GHSA
GHSA-xj92-rmr8-86pw: In encodeFrames of avc_enc_fuzzer2022-05-24
CVEList
CVE-2021-0601: In encodeFrames of avc_enc_fuzzer2021-07-14
OSV
CVE-2021-0601: In encodeFrames of avc_enc_fuzzer2021-07-01

📋Vendor Advisories

1
Android
CVE-2021-0601: Android Security Bulletin 2021-07-01 CVE: CVE-2021-0601 Severity: HIGH Type: ID Affected AOSP versions: 82021-07-01
CVE-2021-0601 — Double Free in Google Android | cvebase