Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2016-5348

Published: 10/10/2016 Updated: 19/04/2018
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 715
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Google

Vulnerability Summary

The GPS component in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, 6.x prior to 2016-10-01, and 7.0 prior to 2016-10-01 allows man-in-the-middle malicious users to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google android 4.2.2

google android 4.2.1

google android 4.0.1

google android 4.0

google android 4.4.1

google android 4.4

google android 4.1

google android 4.0.4

google android 5.1

google android 5.1.0

google android 6.0

google android 4.3.1

google android 4.3

google android 4.0.3

google android 4.0.2

google android 6.0.1

google android 7.0

google android 4.4.3

google android 4.4.2

google android 4.2

google android 4.1.2

google android 5.0

google android 5.0.1

Exploits

Exploit DB: Google Android - 'gpsOneXtra' Data Files Denial of Service
Original at: wwwsnightwatchcybersecuritycom/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader ...
Exploit DB: Android Qualcomm GPS/GNSS Man-In-The-Middle
Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm The Android issue was fixed by in the October 2016 Android bulletin Additiona ...

References

CWE-399https://code.google.com/p/android/issues/detail?id=213747https://android.googlesource.com/platform/frameworks/base/+/218b813d5bc2d7d3952ea1861c38b4aa944ac59bhttp://source.android.com/security/bulletin/2016-10-01.htmlhttps://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/http://www.securityfocus.com/bid/93293https://www.exploit-db.com/exploits/40502/https://source.android.com/security/bulletin/2018-04-01https://nvd.nist.govhttps://www.exploit-db.com/exploits/40502/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook