CVE-2017-13292Out-of-bounds Write in INC Android

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.0%
top 22.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google INC Android
Timeline
PublishedApr 4
Latest updateMay 14

Description

In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

CVEListV5google_inc/androidAndroid kernel

🔴Vulnerability Details

2
GHSA
GHSA-4gc9-mgw3-mmqm: In wl_get_assoc_ies of wl_cfg802112022-05-14
CVEList
CVE-2017-13292: In wl_get_assoc_ies of wl_cfg802112018-04-04

📋Vendor Advisories

1
Android
CVE-2017-13292: bcmdhd driver2018-04-01
CVE-2017-13292 — Out-of-bounds Write in INC Android | cvebase