PUB-A-180104327
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-180104327.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-180104327
- Aliases
-
- A-180104327
- CVE-2021-0992
- Published
- 2021-12-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 404.0,
"function_hash": "104485141637095859179282170470878313838"
},
"id": "PUB-A-180104327-f01603a0",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/b2c03474c459a694e2f434160a6c3da17f5b1a4f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/nfc/PaymentDefaultDialog.java",
"function": "onCreate"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"81542683022710382001647597058075622701",
"194994758474799553814890042146196583243",
"339244979075647213363104715871245383497",
"102277680394259784822421726305699026436",
"267444333987596431965299598945611135494",
"42632513904164290136329403539816671648",
"12467150003188855140878124554568115988"
]
},
"id": "PUB-A-180104327-f5c18cd5",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/b2c03474c459a694e2f434160a6c3da17f5b1a4f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/nfc/PaymentDefaultDialog.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/b2c03474c459a694e2f434160a6c3da17f5b1a4f"
],
"spl": "2021-12-01",
"severity": "Moderate",
"types": [
"EoP"
]
}