Main Vulnerability Database Vulnerabilities #VU37852

Out-of-bounds read in Google Android - CVE-2017-14903

Published: December 5, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37852

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-14903

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.

How to mitigate CVE-2017-14903

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2017-12-01

Out-of-bounds read in Google Android - CVE-2017-14903

Detailed vulnerability description

How to mitigate CVE-2017-14903

Sources

Please verify you're human