Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-3757

The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.

Published

2016-07-11T01:59:57.980

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

8.5

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.0 Yes
Operating System google android 4.0.1 Yes
Operating System google android 4.0.2 Yes
Operating System google android 4.0.3 Yes
Operating System google android 4.0.4 Yes
Operating System google android 4.1 Yes
Operating System google android 4.1.2 Yes
Operating System google android 4.2 Yes
Operating System google android 4.2.1 Yes
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 4.4 Yes
Operating System google android 4.4.1 Yes
Operating System google android 4.4.2 Yes
Operating System google android 4.4.3 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.1 Yes
Operating System google android 5.1.0 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
References