CVE-2016-0811

HIGH

Android 6.x - Info Disclosure

Title source: llm

Description

Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2016-0811

View Code ZIP pw:eip

References (2)

[Patch] https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b

[Vendor Advisory] http://source.android.com/security/bulletin/2016-02-01.html

Scores

CVSS v3 7.5

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

google/android 6.0

google/android 6.0.1

Published Feb 07, 2016

Tracked Since Feb 18, 2026