Lucene search

[email protected]NVD:CVE-2011-1001

HistoryJul 08, 2011 - 5:55 p.m.

CVE-2011-1001

2011-07-0817:55:00

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

Affected configurations

NVD

Node

googleandroid_sdkRange≤2.2

googleandroid_sdkMatch1.1

googleandroid_sdkMatch1.5

googleandroid_sdkMatch1.6

googleandroid_sdkMatch2.0

googleandroid_sdkMatch2.0.1

googleandroid_sdkMatch2.1

References

android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220

seclists.org/fulldisclosure/2011/Mar/329

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for NVD:CVE-2011-1001

cve1 cvelist1 nessus1 prion1