Main Vulnerability Database Vulnerabilities #VU37681

Information disclosure in Google Android - CVE-2017-14870

Published: January 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37681

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-14870

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.

How to mitigate CVE-2017-14870

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-01-01

Information disclosure in Google Android - CVE-2017-14870

Detailed vulnerability description

How to mitigate CVE-2017-14870

Sources

Please verify you're human