CVE-2016-5341
MEDIUMAndroid < 7.1.0 - Denial of Service via Spoofed GPS XTRA Data
Title source: llmDescription
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).
References (4)
Core 4
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2017-12-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94689
Patch, Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-12-01.html
Scores
CVSS v3
5.9
EPSS
0.0086
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-284
Status
published
Products (1)
google/android
< 7.1.0
Published
Dec 06, 2016
Tracked Since
Feb 18, 2026