var-201608-0407
Vulnerability from variot
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. Vendors have confirmed this vulnerability Android internal bug 28670333 and Qualcomm internal bug CR548711 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService disruption through a specially crafted frame by a third party ( Device hang or reboot ) There is a possibility of being put into a state. GoogleNexus is a high-end mobile phone series powered by Google\342\200\231s original Android system. A denial of service vulnerability exists in GoogleNexus that could be exploited by a remote attacker to cause a denial of service. Google Nexus is prone to denial-of-service vulnerability. This issue is being tracked by Android Bug ID A-28670333
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "2016-08-05"
},
{
"model": "nexus",
"scope": null,
"trust": 0.6,
"vendor": "google",
"version": null
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "BID",
"id": "92247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92247"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9901",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9901",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-06095",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-9901",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9901",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9901",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-06095",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-097",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-9901",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. Vendors have confirmed this vulnerability Android internal bug 28670333 and Qualcomm internal bug CR548711 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService disruption through a specially crafted frame by a third party ( Device hang or reboot ) There is a possibility of being put into a state. GoogleNexus is a high-end mobile phone series powered by Google\\342\\200\\231s original Android system. A denial of service vulnerability exists in GoogleNexus that could be exploited by a remote attacker to cause a denial of service. Google Nexus is prone to denial-of-service vulnerability. \nThis issue is being tracked by Android Bug ID A-28670333",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "BID",
"id": "92247"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9901",
"trust": 3.4
},
{
"db": "BID",
"id": "92247",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-06095",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-9901",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"db": "BID",
"id": "92247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"id": "VAR-201608-0407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
}
]
},
"last_update_date": "2024-11-23T21:42:46.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android Security Bulletin-August 2016",
"trust": 0.8,
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"title": "wlan: Replace snprintf with scnprintf",
"trust": 0.8,
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"
},
{
"title": "GoogleNexus denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80131"
},
{
"title": "Android on Nexus Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63489"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=1c52474e34daae48915f8b4129072a86"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"trust": 2.0,
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/92247"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9901"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9901"
},
{
"trust": 0.3,
"url": "http://code.google.com/android/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"db": "BID",
"id": "92247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"db": "BID",
"id": "92247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"date": "2016-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92247"
},
{
"date": "2016-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"date": "2016-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"date": "2016-08-05T20:59:00.197000",
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06095"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9901"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92247"
},
{
"date": "2016-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004194"
},
{
"date": "2016-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-097"
},
{
"date": "2024-11-21T02:21:56.157000",
"db": "NVD",
"id": "CVE-2014-9901"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nexus 7 (2013) Run on device Android of Qualcomm Wi-Fi Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-097"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…