Published: 07/04/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 676

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl prior to 3.3.0 library.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 7.1.0
google android 5.1.0
google android 5.0.2
google android 6.0.1
google android 6.0
google android 7.0
google android 5.0.1
google android 5.0
google android 5.1.1
google android 7.1.1
google android 5.1

Synopsis Moderate: NetworkManager and libnl3 security, bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated ...

Debian Bug report logs - #859948 libnl3: CVE-2017-0553 Package: src:libnl3; Maintainer for src:libnl3 is Heiko Stuebner <mmind@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Apr 2017 13:51:04 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version li ...

libnl could be made to run programs as an administrator ...

libnl could be made to crash or run programs ...

Integer overflow in nlmsg_reserve():An integer overflow leading to a heap-buffer overflow was found in the libnl library An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application (CVE-2017-0553) ...

An integer overflow leading to a heap-buffer overflow was found in the libnl library An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application ...

An integer overflow vulnerability has been found in the nlmsg_reserve() function of libnl < 330, allowing local privilege escalation ...

CWE-190 https://source.android.com/security/bulletin/2017-04-01 http://www.securityfocus.com/bid/97340 http://www.securitytracker.com/id/1038201 https://usn.ubuntu.com/usn/usn-3311-1/http://www.ubuntu.com/usn/USN-3311-2 http://lists.infradead.org/pipermail/libnl/2017-May/002313.html http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb https://access.redhat.com/errata/RHSA-2017:2299 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/https://access.redhat.com/errata/RHSA-2017:2299 https://nvd.nist.gov https://usn.ubuntu.com/3311-2/

CVE-2017-0553

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect