Incorrect signature verification on Google play-services-basement in Google Play SDK
CVE-2022-1799

5.7MEDIUM

Key Information:

Vendor: Google
Status: Google Play Services Sdk
Vendor: CVE Published:; 29 July 2022

What is CVE-2022-1799?

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

Affected Version(s)

Google Play Services SDK < 18.0.2

References

https://developers.google.com/android/guides/releases#may...

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2022
Vulnerability Reserved
May 19, 2022