VDB
CVE-2021-0586
CVE-2021-0586
PUBLISHED
In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319
EPSS 0.03% · 8.5th percentile
Risk Scores
EPSS Score
0.03%
8.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | Android-9 Android-10 Android-11 Android-8.1 |
Timeline
- Jul 14, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Jul 7, 2022 EPSS Score
- Sep 6, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-792319.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-918992.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-653855.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-225840.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-145196.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-382651.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-832273.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-366067.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-770721.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-576771.html advisory
- https://source.android.com/security/bulletin/2021-08-01 url