{"api_version":"1","generated_at":"2026-04-23T04:11:00+00:00","cve":"CVE-2021-0639","urls":{"html":"https://cve.report/CVE-2021-0639","api":"https://cve.report/api/cve/CVE-2021-0639.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0639","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0639"},"summary":{"title":"CVE-2021-0639","description":"In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-08-17 19:15:00","updated_at":"2021-08-24 16:54:00"},"problem_types":["CWE-922"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-08-01","name":"https://source.android.com/security/bulletin/2021-08-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—August 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0639","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0639","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"639","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0639","qid":"610357","title":"Google Android Devices August 2021 Security Patch Missing"},{"cve":"CVE-2021-0639","qid":"610366","title":"Google Android September 2021 Security Patch Missing for Samsung"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0639","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android SoC"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-08-01","url":"https://source.android.com/security/bulletin/2021-08-01"}]},"description":{"description_data":[{"lang":"eng","value":"In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551"}]}},"nvd":{"publishedDate":"2021-08-17 19:15:00","lastModifiedDate":"2021-08-24 16:54:00","problem_types":["CWE-922"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"639","Ordinal":"190341","Title":"CVE-2021-0639","CVE":"CVE-2021-0639","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"639","Ordinal":"1","NoteData":"In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551","Type":"Description","Title":null},{"CveYear":"2021","CveId":"639","Ordinal":"2","NoteData":"2021-08-17","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"639","Ordinal":"3","NoteData":"2021-08-17","Type":"Other","Title":"Modified"}]}}}