PT-2018-5548 · Google · Android

Quarkslab

Published

2018-04-04

Updated

2018-05-08

CVE-2017-13262

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1

Description: The issue is related to a possible out of bounds read in the bnep data ind function of bnep main.cc. This could lead to remote information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations: For Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-13262

Affected Products

Android

PT-2018-5548 · Google · Android

CVE-2017-13262

Weakness Enumeration

Related Identifiers

Affected Products

References · 7