PT-2018-6568 · Mozilla+1 · Firefox Os+1
Published
2018-03-30
·
Updated
2018-04-25
·
CVE-2017-17766
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Android for MSM versions prior to 2017-10-03
Firefox OS for MSM versions prior to 2017-10-03
QRD Android versions prior to 2017-10-03
Description:
The issue arises from improper validation of the
num peers value received from firmware in the wma peer info event handler() function. This can lead to an integer overflow vulnerability when allocating a buffer, potentially resulting in a buffer overflow.Recommendations:
For Android for MSM versions prior to 2017-10-03, update to a version released after 2017-10-03 to resolve the issue.
For Firefox OS for MSM versions prior to 2017-10-03, update to a version released after 2017-10-03 to resolve the issue.
For QRD Android versions prior to 2017-10-03, update to a version released after 2017-10-03 to resolve the issue.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Firefox Os