Buffer overflow in Google Android - CVE-2017-11053

 

Buffer overflow in Google Android - CVE-2017-11053

Published: October 10, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38113
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-11053
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame().


How to mitigate CVE-2017-11053

Install update from vendor's website.

Sources