CVE-2024-49745 — Out-of-bounds Write in Frameworks Native

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 77.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Native Google Android

Timeline

PublishedJan 21

Latest updateJan 22

Description

In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Androidplatform/frameworks_native15-next:0 — 15-next:2025-01-01+5

▶CVEListV5google/android5 versions+4

▶NVDgoogle/android5 versions+4

🔴Vulnerability Details

GHSA

GHSA-px86-7w9g-5j6m: In growData of Parcel↗2025-01-22

▶

CVEList

CVE-2024-49745: In growData of Parcel↗2025-01-21

▶

OSV

CVE-2024-49745: In growData of Parcel↗2025-01-01

▶

📋Vendor Advisories

Android

CVE-2024-49745: Android Security Bulletin 2025-01-01 CVE: CVE-2024-49745 Severity: HIGH Type: EoP Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-370831157↗2025-01-01

▶