Vulnerability Name: | CVE-2016-6723 (CCN-118708) | ||||||||||||||||
Assigned: | 2016-11-07 | ||||||||||||||||
Published: | 2016-11-07 | ||||||||||||||||
Updated: | 2019-03-07 | ||||||||||||||||
Summary: | A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. | ||||||||||||||||
CVSS v3 Severity: | 4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
CVSS v2 Severity: | 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
| ||||||||||||||||
Vulnerability Type: | CWE-284 | ||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-6723 Source: CCN Type: Full-Disclosure Mailing List, Mon, 7 Nov 2016 16:06:29 -0500 Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723] Source: BID Type: Third Party Advisory, VDB Entry 94185 Source: CCN Type: BID-94185 Google Android Proxy Auto Config CVE-2016-6723 Denial of Service Vulnerability Source: XF Type: UNKNOWN google-android-cve20166723-dos(118708) Source: CCN Type: Packet Storm Security [11-08-2016] Android Proxy Auto Config (PAC) Crash Source: CCN Type: Android Security Bulletin Android Security BulletinNovember 2016 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2016-11-01.html Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-6723 Source: MISC Type: Third Party Advisory https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/ | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |