[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Android Dexdump Buffer Overflow Vulnerability

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Android Dexdump Buffer Overflow Vulnerability
From: Veysel hataş <vhatas@xxxxxxxxx>
Date: Mon, 3 Sep 2018 17:46:40 +0300

Title : Android Dexdump Buffer Overflow Vulnerability
Discoverer: Veysel HATAS (vhatas@xxxxxxxxx)
Web page : wise.cs.hacettepe.edu.tr
Test: Nexus 4 Android 5.1.1
Status: Not Fixed
Severity : High

Discovered: 04 February 2018
Reported: 03 August 2018
Published: -

Description : dexdump contains a flaw that is triggered as user-supplied
input is not properly sanitized when handling a specially crafted dex file.
This bug is triggeredin “/system/lib/libz.so" native library. This may
allow a context-dependent attacker to corrupt memory and cause a denial of
service or potentially execute arbitrary code.

-- 
----
Veysel HATAŞ
Security Researcher

Blog: http://www.binarysniper.net
Twitter: https://twitter.com/muh4f1z
PGP key: http://www.binarysniper.net/p/veysels-ublic-pgp-key.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
Next by Date: [FD] [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities
Previous by thread: [FD] Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
Next by thread: [FD] [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities
Index(es):
- Date
- Thread