CVE-2017-13322

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-13322
In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://source.android.com/security/bulletin/pixel/2018-05-01 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
History

13 Mar 2025, 14:15

Type Values Removed Values Added
CWE CWE-783

23 Jan 2025, 19:54

Type Values Removed Values Added
CPE cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Google
Google android
References () https://source.android.com/security/bulletin/pixel/2018-05-01 - () https://source.android.com/security/bulletin/pixel/2018-05-01 - Patch, Vendor Advisory
CWE NVD-CWE-noinfo
Summary
  • (es) En endCallForSubscriber de PhoneInterfaceManager.java, existe una forma posible de evitar el acceso a los servicios de emergencia debido a un error lógico en el código. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. No se necesita la interacción del usuario para la explotación.

17 Jan 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-17 23:15

Updated : 2025-03-13 14:15

NVD link : CVE-2017-13322

Mitre link : CVE-2017-13322

CVE.ORG link : CVE-2017-13322

JSON object : View

Products Affected

google

  • android
CWE
NVD-CWE-noinfo CWE-783

Operator Precedence Logic Error