Vulnerability Details : CVE-2009-2999
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.
Vulnerability category: Denial of service
Products affected by CVE-2009-2999
- cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2999
0.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2999
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2009-2999
-
http://www.securityfocus.com/archive/1/506948/100/0/threaded
-
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=46e23fe762d2143d60589ab6d39c4b47c2c754d1
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/53655
-
http://www.ocert.org/advisories/ocert-2009-014.html
-
http://securitytracker.com/id?1022986
Jump to