Lucene search

Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.ANDROID:CVE-2017-13266

HistoryMar 01, 2018 - 12:00 a.m.

CVE-2017-13266

2018-03-0100:00:00

Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.

www.androidvulnerabilities.org

0.001 Low

EPSS

Percentile

48.0%

JSON

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.

CPENameOperatorVersion
androidlt7.0
androidlt8.0
androidlt7.1.1
androidlt8.1
androidlt5.1.1
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	7.0
android	lt	8.0
android	lt	7.1.1
android	lt	8.1
android	lt	5.1.1
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/system/bt/+/2f2043f18463a5c963c138d24346870b1066e7a6

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2018-03-01.html

source.android.com/security/overview/acknowledgements

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for ANDROID:CVE-2017-13266