CVE-2014-0997
Android WiFi-Direct - Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
WiFiMonitor en Android 4.4.4 tal y como se emplea en Nexus 5 y 4, Android 4.2.2 tal y como se emplea en LG D806, Android 4.2.2 tal y como se emplea en Samsung SM-T310, Android 4.1.2 tal y como se emplea en Motorola RAZR HD y potencialmente en otras distribuciones Android anteriores a la 5.0.1 y 5.0.2 no gestiona correctamente las excepciones. Esto permite que los atacantes remotos provoquen una denegaciĆ³n de servicio (reinicio) mediante un marco de respuesta de sonda 802.11.
Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-07 CVE Reserved
- 2015-01-26 CVE Published
- 2015-01-26 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-19: Data Processing Errors
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/534544/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/72311 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/130107 | 2015-01-26 | |
| https://www.exploit-db.com/exploits/35913 | 2024-08-06 | |
| http://packetstormsecurity.com/files/130107/Android-WiFi-Direct-Denial-Of-Service.html | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2015/Jan/104 | 2024-08-06 | |
| https://www.coresecurity.com/advisories/android-wifi-direct-denial-service | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.4.4 Search vendor "Google" for product "Android" and version "4.4.4" | - |
Affected
| in | Google Search vendor "Google" | Nexus 4 Search vendor "Google" for product "Nexus 4" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.4.4 Search vendor "Google" for product "Android" and version "4.4.4" | - |
Affected
| in | Google Search vendor "Google" | Nexus 5 Search vendor "Google" for product "Nexus 5" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.2.2 Search vendor "Google" for product "Android" and version "4.2.2" | - |
Affected
| in | Lg Search vendor "Lg" | D806 Search vendor "Lg" for product "D806" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.2.2 Search vendor "Google" for product "Android" and version "4.2.2" | - |
Affected
| in | Samsung Search vendor "Samsung" | Sm-t310 Search vendor "Samsung" for product "Sm-t310" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.1.2 Search vendor "Google" for product "Android" and version "4.1.2" | - |
Affected
| in | Motorola Search vendor "Motorola" | Razr Hd Search vendor "Motorola" for product "Razr Hd" | - | - |
Safe
|