CVE-2016-6703
Published on: 11/25/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Android from Google contain the following vulnerability:
A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246.
- CVE-2016-6703 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity. - Affected Vendor/Software: Google Inc. - Android version Android-4.4.4
- Affected Vendor/Software: Google Inc. - Android version Android-5.0.2
- Affected Vendor/Software: Google Inc. - Android version Android-5.1.1
- Affected Vendor/Software: Google Inc. - Android version Android-6.0
- Affected Vendor/Software: Google Inc. - Android version Android-6.0.1
CVSS3 Score: 7.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| LOCAL | LOW | NONE | REQUIRED | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Android Security Bulletin—November 2016 | Android Open Source Project | Vendor Advisory source.android.com text/html |
CONFIRM source.android.com/security/bulletin/2016-11-01.html |
| Google Android Runtime Library CVE-2016-6703 Remote Code Execution Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 94161 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | 4.0 | All | All | All | |
| Operating System | Android | 4.0.1 | All | All | All | |
| Operating System | Android | 4.0.2 | All | All | All | |
| Operating System | Android | 4.0.3 | All | All | All | |
| Operating System | Android | 4.0.4 | All | All | All | |
| Operating System | Android | 4.1 | All | All | All | |
| Operating System | Android | 4.1.2 | All | All | All | |
| Operating System | Android | 4.2 | All | All | All | |
| Operating System | Android | 4.2.1 | All | All | All | |
| Operating System | Android | 4.2.2 | All | All | All | |
| Operating System | Android | 4.3 | All | All | All | |
| Operating System | Android | 4.3.1 | All | All | All | |
| Operating System | Android | 4.4 | All | All | All | |
| Operating System | Android | 4.4.1 | All | All | All | |
| Operating System | Android | 4.4.2 | All | All | All | |
| Operating System | Android | 4.4.3 | All | All | All | |
| Operating System | Android | 5.0 | All | All | All | |
| Operating System | Android | 5.0.1 | All | All | All | |
| Operating System | Android | 5.1 | All | All | All | |
| Operating System | Android | 5.1.0 | All | All | All | |
| Operating System | Android | 6.0 | All | All | All | |
| Operating System | Android | 4.0 | All | All | All | |
| Operating System | Android | 4.0.1 | All | All | All | |
| Operating System | Android | 4.0.2 | All | All | All | |
| Operating System | Android | 4.0.3 | All | All | All | |
| Operating System | Android | 4.0.4 | All | All | All | |
| Operating System | Android | 4.1 | All | All | All | |
| Operating System | Android | 4.1.2 | All | All | All | |
| Operating System | Android | 4.2 | All | All | All | |
| Operating System | Android | 4.2.1 | All | All | All | |
| Operating System | Android | 4.2.2 | All | All | All | |
| Operating System | Android | 4.3 | All | All | All | |
| Operating System | Android | 4.3.1 | All | All | All | |
| Operating System | Android | 4.4 | All | All | All | |
| Operating System | Android | 4.4.1 | All | All | All | |
| Operating System | Android | 4.4.2 | All | All | All | |
| Operating System | Android | 4.4.3 | All | All | All | |
| Operating System | Android | 5.0 | All | All | All | |
| Operating System | Android | 5.0.1 | All | All | All | |
| Operating System | Android | 5.1 | All | All | All | |
| Operating System | Android | 5.1.0 | All | All | All | |
| Operating System | Android | 6.0 | All | All | All | |
| Operating System | Android | All | All | All | All |
- cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE