Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-13262Out-of-bounds Read in INC Android

CWE-125Out-of-bounds Read6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
21.2%
top 4.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedApr 4
Latest updateMay 14

Description

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android8 versions+7
CVEListV5google_inc/android8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-699h-mg7v-2j2r: In bnep_data_ind of bnep_main2022-05-14
CVEList
CVE-2017-13262: In bnep_data_ind of bnep_main2018-04-04

💥Exploits & PoCs

2
Exploit-DB
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read2018-03-23
Exploit-DB
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure2018-03-23

📋Vendor Advisories

1
Android
CVE-2017-13262: Android Security Bulletin 2018-03-01 CVE: CVE-2017-13262 Severity: HIGH Type: ID Affected AOSP versions: 52018-03-01
CVE-2017-13262 — Out-of-bounds Read in INC Android | cvebase