VDB

CVE-2021-0646

CVE-2021-0646 PUBLISHED CVSS 9.300000190734863 CRITICAL

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319

EPSS 0.03% · 9.3th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.03%
9.3th percentile

Affected Products

VendorProductVersions
googleandroid9.0, 10.0, 11.0
SiemensN/A

Timeline

  • Aug 17, 2021 CVE Published
  • Aug 18, 2021 EPSS Score
  • Oct 15, 2021 EPSS Score
  • Dec 13, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 9, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 9, 2022 EPSS Score
  • Jun 6, 2022 EPSS Score
  • Aug 5, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Nov 30, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›