PT-2016-1873 · Google · Android

Marie Janssen

Publicado

2016-05-09

Atualizado

2016-05-10

CVE-2016-2439

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions prior to 4.4.4 Android 5.0.x versions prior to 5.0.2 Android 5.1.x versions prior to 5.1.1 Android 6.x versions prior to 2016-05-01

Description The issue is caused by a buffer overflow in the btif/src/btif dm.c component of the Bluetooth functionality in Android. This allows remote attackers to execute arbitrary code via a long PIN value.

Recommendations For Android versions prior to 4.4.4, update to version 4.4.4 or later. For Android 5.0.x versions prior to 5.0.2, update to version 5.0.2 or later. For Android 5.1.x versions prior to 5.1.1, update to version 5.1.1 or later. For Android 6.x versions prior to 2016-05-01, update to a version released after 2016-05-01. As a temporary workaround, consider restricting the use of Bluetooth functionality with long PIN values until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2016-01206

CVE-2016-2439

Produtos afetados

Android

PT-2016-1873 · Google · Android

CVE-2016-2439

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5