Main Vulnerability Database Vulnerabilities #VU37274

Out-of-bounds write in Google Android - CVE-2017-13285

Published: April 4, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37274

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13285

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.

How to mitigate CVE-2017-13285

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-04-01

Out-of-bounds write in Google Android - CVE-2017-13285

Detailed vulnerability description

How to mitigate CVE-2017-13285

Sources

Please verify you're human