PT-2017-1261 · Google · Android

Published: 2017-01-27 · Updated: 2017-02-07 · CVE-2016-8411

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Android versions that have qmi_qos_srvc.c

Description: The issue is related to a buffer overflow vulnerability while processing QMI QOS TLVs. This vulnerability can be exploited by a remote attacker to cause a denial of service through a specially crafted directory name, specified in the uid parameter, associated with the WAR file name, which can be included in a POST request.

Recommendations: For Android versions that have qmi_qos_srvc.c, consider restricting access to the QMI QOS TLVs component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the uid parameter in POST requests that may be associated with the WAR file name. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-00375
CVE-2016-8411

Affected Products

Android