CVE-2024-0039

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

En attp_build_value_cmd de att_protocol.cc, hay una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-11-16 CVE Reserved
2024-03-11 CVE Published
2024-03-12 EPSS Updated
2024-05-29 First Exploit
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (6)

URL	Tag	Source
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3
https://source.android.com/security/bulletin/2024-03-01

URL	Date	SRC
https://github.com/41yn14/CVE-2024-0039-Exploit	2024-05-29
https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039	2024-08-23

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				14 Search vendor "Google" for product "Android" and version "14"		en		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				13 Search vendor "Google" for product "Android" and version "13"		en		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				12 Search vendor "Google" for product "Android" and version "12"		en		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				12 Search vendor "Google" for product "Android" and version "12"		en		Affected