Main Vulnerability Database Vulnerabilities #VU37677

Information disclosure in Google Android - CVE-2017-11079

Published: January 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37677

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11079

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.

How to mitigate CVE-2017-11079

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-01-01

Information disclosure in Google Android - CVE-2017-11079

Detailed vulnerability description

How to mitigate CVE-2017-11079

Sources

Please verify you're human