Lucene search

Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.ANDROID:CVE-2017-13256

HistoryMar 01, 2018 - 12:00 a.m.

CVE-2017-13256

2018-03-0100:00:00

Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.

www.androidvulnerabilities.org

0.001 Low

EPSS

Percentile

29.4%

JSON

In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.

CPENameOperatorVersion
androidlt7.0
androidlt8.0
androidlt7.1.1
androidlt8.1
androidlt5.1.1
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	7.0
android	lt	8.0
android	lt	7.1.1
android	lt	8.1
android	lt	5.1.1
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/system/bt/+/f0edf6571d2d58e66ee0b100ebe49c585d31489f

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2018-03-01.html

source.android.com/security/overview/acknowledgements

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for ANDROID:CVE-2017-13256