PT-2018-4671 · Google · Android

Publicado

2018-04-18

Atualizado

2018-05-01

CVE-2016-10434

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue arises from the processing of a buffer from HLOS in the RPMB write response function before it is authenticated using HMAC. This can lead to various errors depending on the values of the response and result fields of the buffer, which are accessed before verifying the HMAC tag.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2016-10434

Produtos afetados

Android

PT-2018-4671 · Google · Android

CVE-2016-10434

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3