Main Vulnerability Database Vulnerabilities #VU37263

Origin validation error in Google Android - CVE-2017-13274

Published: April 4, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37263

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13274

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

How to mitigate CVE-2017-13274

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-04-01

Origin validation error in Google Android - CVE-2017-13274

Detailed vulnerability description

How to mitigate CVE-2017-13274

Sources

Please verify you're human