Main Vulnerability Database Vulnerabilities #VU38113

#VU38113 Buffer overflow in Google Android - CVE-2017-11053

Published: October 10, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38113

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11053

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame().

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/101117
https://source.android.com/security/bulletin/2017-10-01

#VU38113 Buffer overflow in Google Android - CVE-2017-11053

Description

Remediation

External links

Please verify you're human