Vulnerability Description
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 7.1.0 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-12-01.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/94689Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/MitigationThird Party Advisory
- http://source.android.com/security/bulletin/2016-12-01.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/94689Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/MitigationThird Party Advisory
FAQ
What is CVE-2016-5341?
CVE-2016-5341 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Q...
How severe is CVE-2016-5341?
CVE-2016-5341 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5341?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.