// For flags

CVE-2016-2419

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.

media/libmedia/IDrm.cpp en mediaserver en Android 6.x en versiones anteriores a 2016-04-01 no inicializa una determinada estructura de datos de petición de clave, lo que permite a atacantes obtener información sensible de memoria de procesos, y consecuentemente eludir un mecanismo de protección no especificado, a través de vectores no especificados, según lo demostrado por la obtención de acceso Signature o SignatureOrSystem, también conocida como error interno 26323455.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-02-18 CVE Reserved
  • 2016-04-18 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0
Search vendor "Google" for product "Android" and version "6.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0.1
Search vendor "Google" for product "Android" and version "6.0.1"
-
Affected