Details of VAR-202410-2097

ID

VAR-202410-2097

CVE

CVE-2024-47034

TITLE

Google of Android Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-011330

DESCRIPTION

there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. The vulnerability is caused by the lack of boundary checking. Attackers can use this vulnerability to read local information out of bounds

Trust: 2.16

sources: NVD: CVE-2024-47034 // JVNDB: JVNDB-2024-011330 // CNVD: CNVD-2024-44476

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-44476

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-44476 // JVNDB: JVNDB-2024-011330 // NVD: CVE-2024-47034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-47034
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-47034
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-47034
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-44476
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-44476
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-47034
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-47034
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.4
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-47034
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-44476 // JVNDB: JVNDB-2024-011330 // NVD: CVE-2024-47034 // NVD: CVE-2024-47034

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-011330 // NVD: CVE-2024-47034

PATCH

title:

Patch for Google Pixel Out-of-Bounds Read Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/616806

Trust: 0.6

sources: CNVD: CNVD-2024-44476

EXTERNAL IDS

db:	NVD	id:	CVE-2024-47034	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-011330	Trust: 0.8
db:	CNVD	id:	CNVD-2024-44476	Trust: 0.6

sources: CNVD: CNVD-2024-44476 // JVNDB: JVNDB-2024-011330 // NVD: CVE-2024-47034

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2024-10-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-47034	Trust: 0.8

sources: CNVD: CNVD-2024-44476 // JVNDB: JVNDB-2024-011330 // NVD: CVE-2024-47034

SOURCES

db:	CNVD	id:	CNVD-2024-44476
db:	JVNDB	id:	JVNDB-2024-011330
db:	NVD	id:	CVE-2024-47034

LAST UPDATE DATE

2024-11-12T23:21:47.624000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-44476	date:	2024-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2024-011330	date:	2024-10-29T00:16:00
db:	NVD	id:	CVE-2024-47034	date:	2024-10-28T17:56:51.787

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-44476	date:	2024-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2024-011330	date:	2024-10-29T00:00:00
db:	NVD	id:	CVE-2024-47034	date:	2024-10-25T11:15:17.557