Main Vulnerability Database Vulnerabilities #VU37270

Buffer overflow in Google Android - CVE-2017-13281

Published: April 4, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37270

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13281

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.

How to mitigate CVE-2017-13281

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-04-01

Buffer overflow in Google Android - CVE-2017-13281

Detailed vulnerability description

How to mitigate CVE-2017-13281

Sources

Please verify you're human