Main Vulnerability Database Vulnerabilities #VU37429

Out-of-bounds read in Google Android - CVE-2017-18069

Published: March 15, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37429

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-18069

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.

How to mitigate CVE-2017-18069

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/103254
https://source.android.com/security/bulletin/2018-03-01

Out-of-bounds read in Google Android - CVE-2017-18069

Detailed vulnerability description

How to mitigate CVE-2017-18069

Sources

Please verify you're human