CVE-2011-3874
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
Un desbordamiento de búfer basado en pila en libsysutils en Android v2.2.x hasta la v2.2.2 y v2.3.x hasta la v2.3.6 permite ejecutar código de su elección a los usuarios remotos con la ayuda de usuarios locales, a través de una aplicación que llama al método FrameworkListener::dispatchCommand con un número incorrecto de argumentos, como lo demuestra el exploit zergRush para provocar un error de uso después de liberación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-10-01 CVE Reserved
- 2012-01-27 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://code.google.com/p/android/issues/detail?id=21681 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2011/11/08/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2011/11/08/4 | Mailing List | |
http://www.openwall.com/lists/oss-security/2011/11/10/1 | Mailing List | |
https://github.com/revolutionary/zergRush/blob/master/zergRush.c | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.2 Search vendor "Google" for product "Android" and version "2.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.2 Search vendor "Google" for product "Android" and version "2.2" | rev1 |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.2.1 Search vendor "Google" for product "Android" and version "2.2.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.2.2 Search vendor "Google" for product "Android" and version "2.2.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3 Search vendor "Google" for product "Android" and version "2.3" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3 Search vendor "Google" for product "Android" and version "2.3" | rev1 |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.1 Search vendor "Google" for product "Android" and version "2.3.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.2 Search vendor "Google" for product "Android" and version "2.3.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.3 Search vendor "Google" for product "Android" and version "2.3.3" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.4 Search vendor "Google" for product "Android" and version "2.3.4" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.5 Search vendor "Google" for product "Android" and version "2.3.5" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 2.3.6 Search vendor "Google" for product "Android" and version "2.3.6" | - |
Affected
|