CVE-2021-35113 — Improper Verification of Cryptographic Signature in Google Android

CWE-347 — Improper Verification of Cryptographic Signature3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 93.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedSep 2

Latest updateJan 1

Description

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-73v4-jjr8-v4cq: Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snap↗2022-09-03

▶

📋Vendor Advisories

Android

CVE-2021-35113: Closed-source component↗2023-01-01

▶