Published: 2016/08/05  Last Updated: 2016/08/05

JVN#09470233
Android stock browser vulnerable to denial-of-service (DoS)

Overview

The Android stock browser contains a denial-of-service (DoS) vulnerability.

Products Affected

  • Android stock browser 2.1
  • Android stock browser 2.2

Description

The Android stock browser contains a denial-of-service (DoS) vulnerability.

Impact

When receiving a specially crafted packet, the Android stock browser may crash.

Solution

Do not use the Android stock browser
If using an affected version of the Android stock browser, it is recommended to use another browser.

Vendor Status

Vendor                      Status                          Last Update   Vendor Notes
Disney Mobile on SoftBank   Not Vulnerable                  2016/08/05
FUJITSU LIMITED             Not Vulnerable                  2016/08/05
KDDI CORPORATION            Vulnerable                      2016/08/05
Sharp Corporation           Not Vulnerable                  2016/08/05
SoftBank                    Vulnerable, investigating       2016/08/05
Ymobile                     Not Vulnerable, investigating   2016/08/05

Vulnerability Analysis by JPCERT/CC

CVSS v3  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score: 4.3
  Attack Vector (AV)           Network (N)
  Attack Complexity (AC)       Low (L)
  Privileges Required (PR)     None (N)
  User Interaction (UI)        Required (R)
  Scope (S)                    Unchanged (U)
  Confidentiality Impact (C)   None (N)
  Integrity Impact (I)         None (N)
  Availability Impact (A)      Low (L)

CVSS v2  AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score: 4.3
  Access Vector (AV)           Network (N)
  Access Complexity (AC)       Medium (M)
  Authentication (Au)          None (N)
  Confidentiality Impact (C)   None (N)
  Integrity Impact (I)         None (N)
  Availability Impact (A)      Partial (P)

Credit

Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

JVN iPedia JVNDB-2016-000127