CVE-2017-0398

Published: Jan 13, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.

Affected (6)

Products: Google: Android

Google

1 product

Android

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 4.4.4
Google Android	Version 5.1.1
Google Android	Version 6.0.1
Google Android	Version 6.0
Google Android	Version 7.0
Google Android	Version 7.1.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/95226

Source: security@android.com

https://source.android.com/security/bulletin/2017-01-01.html

Source: security@android.com

http://www.securityfocus.com/bid/95226

Source: af854a3a-2127-422b-91ae-364da2661108

https://source.android.com/security/bulletin/2017-01-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.