Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0781BlueBorne: Improper Restriction of Operations within the Bounds of a Memory Buffer in Bluetooth

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
8.8HIGHNVD
EPSS
41.8%
top 2.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedSep 14
Latest updateMay 19

Description

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/android30 versions+29
CVEListV5google_inc/android9 versions+8

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-33c5-cxgm-mjpc: A remote code execution vulnerability in the Android system (bluetooth)2022-05-13
CVEList
CVE-2017-0781: A remote code execution vulnerability in the Android system (bluetooth)2017-09-14

💥Exploits & PoCs

2
Exploit-DB
LineageOS 14.1 Blueborne - Remote Code Execution2018-04-06
Exploit-DB
Android Bluetooth - 'Blueborne' Information Leak (1)2017-08-09

📋Vendor Advisories

1
Android
CVE-2017-0781: Android Security Bulletin 2017-09-01 CVE: CVE-2017-0781 Severity: CRITICAL Type: RCE Affected AOSP versions: 42017-09-01

🕵️Threat Intelligence

1
Fortinet
BlueBorne May Affect Billions of Bluetooth Devices2017-09-14

📄Research Papers

3
arXiv
Dockerized Android: a container-based platform to build mobile Android scenarios for Cyber Ranges2022-05-19
arXiv
Vulnerability Analysis of the Android Kernel2021-12-20
arXiv
Approach for GDPR Compliant Detection of COVID-19 Infection Chains2020-07-20
CVE-2017-0781 — BlueBorne | cvebase