CVE-2016-8411 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 70.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android Google INC Android

Timeline

PublishedJan 27

Latest updateMay 17

Description

Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/android7.1.1

▶googlegoogle/android

▶CVEListV5google_inc/androidversions that have i_qos_srvc.c

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-f8fq-8pvw-p4xw: Buffer overflow vulnerability while processing QMI QOS TLVs↗2022-05-17

▶

OSV

CVE-2016-8411: Buffer overflow vulnerability while processing QMI QOS TLVs↗2017-01-27

▶

📋Vendor Advisories

Android

CVE-2016-8411: Android Security Bulletin 2016-12-01 CVE: CVE-2016-8411 Severity: CRITICAL References: A-31805216**↗2016-12-01

▶