PT-2017-3614 · Google · Android

Published

2017-09-27

Updated

2018-04-06

CVE-2017-18063

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified)

Description: The issue is related to the wma nlo match evt handler function in the WLAN component of the Android operating system, which is part of the CAF repository. It involves an out-of-bounds memory access operation. This could allow an attacker to execute arbitrary code in the context of a privileged process using a specially crafted file. The problem arises from improper input validation for the nlo event in the wma nlo match evt handler() function, which receives input from firmware.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-119

Related Identifiers

BDU:2018-00597

CVE-2017-18063

Affected Products

Android

PT-2017-3614 · Google · Android

CVE-2017-18063

Weakness Enumeration

Related Identifiers

Affected Products

References · 5