← back
CVE-2016-5348

CVE-2016-5348

EPSS 4.3%
The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/40502/unverifiedexploitdbwww.exploit-db.com/exploits/40502unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://android.googlesource.com/platform/frameworks/base/+/218b813d5bc2d7d3952ea1861c38b4aa944ac59bhttps://code.google.com/p/android/issues/detail?id=213747http://source.android.com/security/bulletin/2016-10-01.htmlhttps://source.android.com/security/bulletin/2018-04-01https://www.exploit-db.com/exploits/40502/https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/http://www.securityfocus.com/bid/93293