Main Vulnerability Database Vulnerabilities #VU37280

Out-of-bounds write in Google Android - CVE-2017-13292

Published: April 4, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37280

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-13292

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.

How to mitigate CVE-2017-13292

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-04-01

Out-of-bounds write in Google Android - CVE-2017-13292

Detailed vulnerability description

How to mitigate CVE-2017-13292

Sources

Please verify you're human