Main Vulnerability Database Vulnerabilities #VU37691

Buffer overflow in Google Android - CVE-2017-11069

Published: January 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37691

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11069

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.

How to mitigate CVE-2017-11069

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/102413
http://www.securitytracker.com/id/1040106
https://source.android.com/security/bulletin/2018-01-01

Buffer overflow in Google Android - CVE-2017-11069

Detailed vulnerability description

How to mitigate CVE-2017-11069

Sources

Please verify you're human