CVE-2017-13291 — NULL Pointer Dereference in INC Android

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedApr 4

Latest updateMay 14

Description

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/android5 versions+4

▶CVEListV5google_inc/android5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hjf6-37q3-h7x8: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct↗2022-05-14

▶

CVEList

CVE-2017-13291: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct↗2018-04-04

▶

📋Vendor Advisories

Android

CVE-2017-13291: Android Security Bulletin 2018-04-01 CVE: CVE-2017-13291 Severity: HIGH Type: DoS Affected AOSP versions: 7↗2018-04-01

▶