PT-2018-4504 · Google · Android
Publicado
2018-04-18
·
Atualizado
2018-05-09
·
CVE-2015-9171
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2018-04-05
Description
A buffer over-read issue occurs when the
OEMCrypto Dash InstallEncapKeybox() function is called with the keyBoxLength variable set to a value higher than TZ WV MAX DATA LEN (20k).Recommendations
For Android versions prior to 2018-04-05, as a temporary workaround, consider restricting the use of the
OEMCrypto Dash InstallEncapKeybox() function to prevent the buffer over-read issue until a patch is available. Ensure that the keyBoxLength variable is validated to be within the allowed range to prevent exploitation.Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android