Main Vulnerability Database Vulnerabilities #VU37936

Buffer overflow in Google Android - CVE-2017-11013

Published: November 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37936

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11013

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound".

How to mitigate CVE-2017-11013

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/101774
https://source.android.com/security/bulletin/2017-11-01

Buffer overflow in Google Android - CVE-2017-11013

Detailed vulnerability description

How to mitigate CVE-2017-11013

Sources

Please verify you're human