PUB-A-176756691

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-176756691.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-176756691
Aliases
Published
2021-06-01T00:00:00Z
Modified
2026-04-17T15:55:28.020024Z
Summary
[none]
Details

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1158.0,
                "function_hash": "217356404813949619192597016952761966644"
            },
            "id": "PUB-A-176756691-0ff8c12c",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e",
            "target": {
                "function": "onClick",
                "file": "src/com/android/certinstaller/WiFiInstaller.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "50884962869614138736932429704867604640",
                    "110593511323198659955124285766390407898",
                    "277017593897858298501438162745831353790",
                    "28914999815257171562187877444059598245",
                    "300724692283570300959613447913914763412",
                    "249615175997684530577499538551395100744",
                    "325316964057662013535318730941371968015",
                    "157683948721163247911509074399803859303",
                    "113995312874588763968216755550988293515",
                    "285489144737406926788648397144622868652",
                    "75934963529806651734131451107994508836",
                    "113850337314581330153067122794552763517",
                    "205746171712783766711487956569040371092",
                    "105429424590447603293585786452890792556",
                    "109292298579708698101280741263387804456",
                    "168105292376293842380796371687750511439",
                    "66416544799714965963344419439922581178",
                    "195663666451109428123050429269860455601",
                    "163927171177882088663138154594370213000",
                    "35951252584294079639361290437444525297",
                    "121841287610310181697730947541895549506",
                    "62004359281163191929215155141062187313",
                    "325274727477639117123931452821196902177",
                    "298594492613526982516091701526939442872",
                    "22349764243196092161644316995305225773",
                    "334170073999241321161777757428487986967",
                    "213345543987195138279948199236563888033",
                    "30601449319213005644965748514748184568",
                    "18018516333635154065722059856404442197",
                    "125815783470666222251918119255572659184",
                    "158161435784027807284508661826910952778",
                    "56747962248170870257967867155141748651",
                    "126267276994991685681610272992841727527",
                    "223803257894458153046301940958085187491",
                    "6743122218507572728271124840639386142",
                    "243880150681672439382222660116883025369",
                    "125815136868875500919557391255249570954",
                    "1154105561246331928501216441417853678",
                    "211687292738631491698869049571664967974",
                    "130408382069926554371706830419755768947",
                    "86398477381419362780007935883518814181",
                    "304450820676327076831346339499840956751",
                    "216893408362943177202762008607558107889",
                    "183751773563818110791789117596091578755",
                    "181425343311949278082781996084193554648",
                    "58023314560031203343795860658100766388",
                    "314804132999357876994560547224183142179",
                    "168181709376296857307641552877873779477",
                    "197572627277844675623593665117133172144",
                    "127789459640995924136265642285808032843",
                    "134746647416465818254803885961153710086",
                    "324478295113550591524123847874641096178",
                    "246153942464329937098884859507590020672",
                    "156620395127848467318029874151521519136",
                    "47207791686508897801744191652235640138"
                ]
            },
            "id": "PUB-A-176756691-44679434",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e",
            "target": {
                "file": "src/com/android/certinstaller/WiFiInstaller.java"
            }
        },
        {
            "digest": {
                "length": 737.0,
                "function_hash": "203260181679921286245243708838292581669"
            },
            "id": "PUB-A-176756691-6ba53792",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e",
            "target": {
                "function": "run",
                "file": "src/com/android/certinstaller/WiFiInstaller.java"
            }
        },
        {
            "digest": {
                "length": 903.0,
                "function_hash": "149512918836258587134286066261101636141"
            },
            "id": "PUB-A-176756691-cde00719",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e",
            "target": {
                "function": "onCreate",
                "file": "src/com/android/certinstaller/WiFiInstaller.java"
            }
        },
        {
            "digest": {
                "length": 2411.0,
                "function_hash": "231043761990921581651513874173068478550"
            },
            "id": "PUB-A-176756691-f56210f3",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e",
            "target": {
                "function": "createMainDialog",
                "file": "src/com/android/certinstaller/WiFiInstaller.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2e6f670e6fd6ffa6065280e057b4a68dbc68a44e"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-06-01",
    "severity": "Moderate"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-176756691.json"