CVE-2011-1001

CWE-20 — Improper Input Validation6 documents5 sources

Severity

4.3MEDIUM

EPSS

0.7%

top 27.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android SDK

Timeline

PublishedJul 8

Latest updateMay 17

Description

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/android_sdk2.2+6

🔴Vulnerability Details

GHSA

GHSA-qgrm-h8v4-5h63: dexdump in Android SDK before 2↗2022-05-17

▶

CVEList

CVE-2011-1001: dexdump in Android SDK before 2↗2011-07-08

▶

💥Exploits & PoCs

Exploit-DB

sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation↗2013-05-01

▶

Exploit-DB

tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation↗2011-04-11

▶

💬Community

Bugzilla

CVE-2011-1496 tmux does not drop group tmux privileges properly↗2011-04-05

▶