{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "Google Inc.", "versions": [{"status": "affected", "version": "Android-5.0.2"}, {"status": "affected", "version": "Android-5.1.1"}, {"status": "affected", "version": "Android-6.0"}, {"status": "affected", "version": "Android-6.0.1"}, {"status": "affected", "version": "Android-7.0"}, {"status": "affected", "version": "Android-7.1.1"}]}], "datePublic": "2017-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library."}], "problemTypes": [{"descriptions": [{"description": "Elevation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb"}, {"name": "FEDORA-2017-34f6e70fdd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html"}, {"name": "RHSA-2017:2299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2299"}, {"name": "97340", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97340"}, {"name": "USN-3311-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3311-2"}, {"name": "FEDORA-2017-7a5363b41d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/"}, {"name": "USN-3311-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/usn/usn-3311-1/"}, {"name": "1038201", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038201"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2017-0553", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android-5.0.2"}, {"version_value": "Android-5.1.1"}, {"version_value": "Android-6.0"}, {"version_value": "Android-6.0.1"}, {"version_value": "Android-7.0"}, {"version_value": "Android-7.1.1"}]}}]}, "vendor_name": "Google Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of privilege"}]}]}, "references": {"reference_data": [{"name": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb", "refsource": "CONFIRM", "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb"}, {"name": "FEDORA-2017-34f6e70fdd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/"}, {"name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "refsource": "MLIST", "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html"}, {"name": "RHSA-2017:2299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2299"}, {"name": "97340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97340"}, {"name": "USN-3311-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3311-2"}, {"name": "FEDORA-2017-7a5363b41d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/"}, {"name": "USN-3311-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3311-1/"}, {"name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:11:06.544Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb"}, {"name": "FEDORA-2017-34f6e70fdd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html"}, {"name": "RHSA-2017:2299", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2299"}, {"name": "97340", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97340"}, {"name": "USN-3311-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3311-2"}, {"name": "FEDORA-2017-7a5363b41d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/"}, {"name": "USN-3311-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/usn/usn-3311-1/"}, {"name": "1038201", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038201"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0553", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library."}, {"lang": "es", "value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en libnl podr\u00eda permitir a una aplicaci\u00f3n maliciosa local ejecutar c\u00f3digo arbitrario en el contexto del servicio Wi-Fi. Este problema es valorado como Moderado porque primero requiere comprometer un proceso privilegiado y es mitigado con las configuraciones actuales de la plataforma. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. ID de Android: A-32342065. NOTA: este problema tambi\u00e9n se presenta aguas arriba de libnl anterior a la biblioteca versi\u00f3n 3.3.0."}], "id": "CVE-2017-0553", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-07T22:59:00.717", "references": [{"source": "security@android.com", "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb"}, {"source": "security@android.com", "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html"}, {"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97340"}, {"source": "security@android.com", "url": "http://www.securitytracker.com/id/1038201"}, {"source": "security@android.com", "url": "http://www.ubuntu.com/usn/USN-3311-2"}, {"source": "security@android.com", "url": "https://access.redhat.com/errata/RHSA-2017:2299"}, {"source": "security@android.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/"}, {"source": "security@android.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/"}, {"source": "security@android.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"source": "security@android.com", "url": "https://usn.ubuntu.com/usn/usn-3311-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3311-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/usn/usn-3311-1/"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2299", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libnl3-0:3.2.28-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2299", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "NetworkManager-1:1.8.0-9.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2299", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "network-manager-applet-0:1.8.0-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2299", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "NetworkManager-libreswan-0:1.2.4-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "libnl: Integer overflow in nlmsg_reserve()", "id": "1440788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440788"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.", "An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application."], "name": "CVE-2017-0553", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libnl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libnl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libnl3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libnl", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-0553\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0553"], "threat_severity": "Moderate"}