VDB
CVE-2021-0646
CVE-2021-0646
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319
EPSS 0.03% · 9.3th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| android | 9.0, 10.0, 11.0 | |
| Siemens | N/A |
Exploit Intelligence
- skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 (github-poc)
- skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 (github-poc)
- skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 (github-poc)
- skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 (github-poc)
Timeline
- Aug 17, 2021 CVE Published
- Aug 18, 2021 EPSS Score
- Oct 15, 2021 EPSS Score
- Dec 13, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 9, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 9, 2022 EPSS Score
- Jun 6, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-792319.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-918992.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-653855.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-225840.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-145196.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-382651.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-832273.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-366067.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-770721.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-576771.html advisory
- https://source.android.com/security/bulletin/2021-08-01 advisory
- https://source.android.com/security/bulletin/pixel/2021-08-01 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-0646 advisory