CVE-2018-13042

Published: Oct 5, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.

Affected (1)

Products: 1password: 1password

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
1password 1password	Version 6.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://app-updates.agilebits.com/product_history/OPA4

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/46165/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/

Source: cve@mitre.org

https://app-updates.agilebits.com/product_history/OPA4

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/46165/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.