First published: Tue Jan 02 2018(Updated: )
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =5.1.1 | |
Google Android | =6.0 | |
Google Android | =6.0.1 | |
Google Android | =7.0 | |
Google Android | =7.1.1 | |
Google Android | =7.1.2 | |
Google Android | =8.0 | |
Google Android | =8.1 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-13176 has been classified as a critical vulnerability due to its potential to allow remote elevation of privilege.
To fix CVE-2017-13176, update your Android device to a version that includes the security patch that addresses this vulnerability.
CVE-2017-13176 affects Android versions 5.1.1 through 8.1.
Exploitation of CVE-2017-13176 requires some form of user interaction.
CVE-2017-13176 is categorized as an input validation vulnerability in URLStreamHandler that can lead to remote elevation of privilege.