Full Disclosure mailing list archives
Android Dexdump Buffer Overflow Vulnerability
From: Veysel hataş <vhatas () gmail com>
Date: Mon, 3 Sep 2018 17:46:40 +0300
Title : Android Dexdump Buffer Overflow Vulnerability Discoverer: Veysel HATAS (vhatas () gmail com) Web page : wise.cs.hacettepe.edu.tr Test: Nexus 4 Android 5.1.1 Status: Not Fixed Severity : High Discovered: 04 February 2018 Reported: 03 August 2018 Published: - Description : dexdump contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted dex file. This bug is triggeredin “/system/lib/libz.so" native library. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. -- ---- Veysel HATAŞ Security Researcher Blog: http://www.binarysniper.net Twitter: https://twitter.com/muh4f1z PGP key: http://www.binarysniper.net/p/veysels-ublic-pgp-key.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Android Dexdump Buffer Overflow Vulnerability Veysel hataş (Sep 04)