Vulnerability Description
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 1.0 |
References
- http://osvdb.org/56750Broken Link
- http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhoExploitThird Party Advisory
- http://www.securityfocus.com/bid/35886Third Party AdvisoryVDB Entry
- http://osvdb.org/56750Broken Link
- http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhoExploitThird Party Advisory
- http://www.securityfocus.com/bid/35886Third Party AdvisoryVDB Entry
FAQ
What is CVE-2009-2656?
CVE-2009-2656 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demon...
How severe is CVE-2009-2656?
CVE-2009-2656 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2656?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.