CVE-2014-1909 — Numeric Range Comparison Without Minimum Check in Android-platform-system-core

CWE-1895 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Android-platform-system-core Google Android SDK Platform Tools Opensuse

Timeline

PublishedMay 14

Latest updateMay 14

Description

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/android-platform-system-core< android-platform-system-core 1:6.0.0+r26-1~stage1 (bullseye)

▶NVDgoogle/android_sdk_platform_tools18.0.1

▶NVDopensuse/opensuse12.3, 13.1+1

🔴Vulnerability Details

GHSA

GHSA-58c5-6h84-hwh5: Integer signedness error in system/core/adb/adb_client↗2022-05-14

▶

OSV

CVE-2014-1909: Integer signedness error in system/core/adb/adb_client↗2014-05-14

▶

📋Vendor Advisories

Debian

CVE-2014-1909: android-platform-system-core - Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge...↗2014

▶

💬Community

Bugzilla

CVE-2014-1909 android-tools: stack-based buffer overflow flaw in Android Debug Bridge (ADB) client↗2014-02-06

▶