Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-13260Out-of-bounds Read in INC Android

CWE-125Out-of-bounds Read6 documents5 sources
Severity
7.5HIGHNVD
EPSS
20.1%
top 4.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedApr 4
Latest updateMay 14

Description

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android8 versions+7
CVEListV5google_inc/android8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-95pw-qvfx-3cvv: In bnep_data_ind of bnep_main2022-05-14
CVEList
CVE-2017-13260: In bnep_data_ind of bnep_main2018-04-04

💥Exploits & PoCs

2
Exploit-DB
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read2018-03-23
Exploit-DB
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure2018-03-23

📋Vendor Advisories

1
Android
CVE-2017-13260: Android Security Bulletin 2018-03-01 CVE: CVE-2017-13260 Severity: HIGH Type: ID Affected AOSP versions: 52018-03-01
CVE-2017-13260 — Out-of-bounds Read in INC Android | cvebase