CVE-2016-2458

Published: May 9, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.

Affected (6)

Products: Google: Android

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://source.android.com/security/bulletin/2016-05-01.html

Source: security@android.com

Vendor Advisory

https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693

Source: security@android.com

https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a

Source: security@android.com

http://source.android.com/security/bulletin/2016-05-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.