4.3
CVE-2011-1001
- EPSS 1.23%
- Veröffentlicht 08.07.2011 17:55:00
- Zuletzt bearbeitet 16.06.2026 23:28:31
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Google ≫ Android Sdk Version <= 2.2
Google ≫ Android Sdk Version1.1
Google ≫ Android Sdk Version1.5
Google ≫ Android Sdk Version1.6
Google ≫ Android Sdk Version2.0
Google ≫ Android Sdk Version2.0.1
Google ≫ Android Sdk Version2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.23% | 0.65 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220
http://seclists.org/fulldisclosure/2011/Mar/329