CVE-2021-32694 MEDIUM

CVE-2021-32694: Malicious Android application can crash the Nextcloud Android Client

Vendor Nextcloud
Product security-advisories
Weakness CWE-248
Published June 17, 2021
Last update August 3, 2024

CVSS base score

4.1/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.

Key dates

02Disclosure timeline

June 17, 2021 CVE published
August 3, 2024 Record updated