CVE-2011-1001
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.
dexdump en Android SDK antes de v2.3 no realiza correctamente la verificación estructural, lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída de dexdump) y posiblemente ejecutar código de su elección a través de un archivo APK o dex mal formado que llama a un método usando mas argumentos que el número que ha sido declarado para ese método.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-02-14 CVE Reserved
- 2011-07-08 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220 | X_refsource_confirm | |
| http://seclists.org/fulldisclosure/2011/Mar/329 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | <= 2.2 Search vendor "Google" for product "Android Sdk" and version " <= 2.2" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 1.1 Search vendor "Google" for product "Android Sdk" and version "1.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 1.5 Search vendor "Google" for product "Android Sdk" and version "1.5" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 1.6 Search vendor "Google" for product "Android Sdk" and version "1.6" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 2.0 Search vendor "Google" for product "Android Sdk" and version "2.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 2.0.1 Search vendor "Google" for product "Android Sdk" and version "2.0.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Sdk Search vendor "Google" for product "Android Sdk" | 2.1 Search vendor "Google" for product "Android Sdk" and version "2.1" | - |
Affected
| ||||||