CVE-2022-1799

Summary

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

Affected Software

VendorProductVersion RangeStatus
Google LLCGoogle Play Services SDKunspecified < 18.0.2affected

Weaknesses

  • CWE-501: CWE-501 Trust Boundary Violation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References