CVE-2011-1001

EPSS 0.72%
Veröffentlicht 08.07.2011 17:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Sdk Version <= 2.2

Google ≫ Android Sdk Version1.1

Google ≫ Android Sdk Version1.5

Google ≫ Android Sdk Version1.6

Google ≫ Android Sdk Version2.0

Google ≫ Android Sdk Version2.0.1

Google ≫ Android Sdk Version2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.72%	0.701

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220

http://seclists.org/fulldisclosure/2011/Mar/329

https://nvd.nist.gov/vuln/detail/CVE-2011-1001

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1001

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1001

EUVD