Input validation error in Google Android - CVE-2021-0967
Published: December 10, 2021 / Updated: December 10, 2021
Vulnerability identifier: #VU58838
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-0967
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability occurs when handling cases where order isn't a multiple of dimension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Vulnerability may allow execute arbitrary code Android 9.
Vulnerability also may allow access to potentially sensitive information on Android 10, 11, 12
Remediation
Install updates from vendor's website.