PT-2021-7385 · Google+7 · Android+7

Published: 2021-06-22 · Updated: 2024-06-15 · CVE-2021-0561

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Android versions Android-11

Description

The issue is a missing bounds check in the append_to_verify_fifo_interleaved_ function of stream_encoder.c, which could lead to an out-of-bounds write. This might result in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation. The vulnerability is associated with the FLAC audio codec.

Recommendations

For Android version Android-11, consider applying the fix for the append_to_verify_fifo_interleaved_ function in stream_encoder.c to prevent out-of-bounds writes. As a temporary workaround, restrict access to sensitive data until the issue is resolved.

Fix

NULL Pointer Dereference

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2022:8078
BDU:2022-05919
BDU:2022-06245
CVE-2021-0561
DLA-2951-1
DLA-3094-1
MGASA-2022-0085
OESA-2022-1611
OPENSUSE-SU-2022:0815-1
OPENSUSE-SU-2022:10252-1
OPENSUSE-SU-2022_0815-1
OPENSUSE-SU-2024:11885-1
RHSA-2022:8078
RHSA-2022_8078
RLSA-2022:8078
SUSE-SU-2022:0814-1
SUSE-SU-2022:0815-1
SUSE-SU-2022_0814-1
SUSE-SU-2022_0815-1
USN-5733-1

Affected Products

Almalinux
Android
Astra Linux
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu