CVE-2011-1001 - Vulnerability Details - OpenCVE

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00719.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android Sdk

Configuration 1 [-]

OR	cpe:2.3:a:google:android_sdk::::::::
	cpe:2.3:a:google:android_sdk:1.1:::::::*
	cpe:2.3:a:google:android_sdk:1.5:::::::*
	cpe:2.3:a:google:android_sdk:1.6:::::::*
	cpe:2.3:a:google:android_sdk:2.0:::::::*
	cpe:2.3:a:google:android_sdk:2.0.1:::::::*
	cpe:2.3:a:google:android_sdk:2.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2011-1018	dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220
http://seclists.org/fulldisclosure/2011/Mar/329

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-07-08T17:00:00

Updated: 2024-08-06T22:14:26.957Z

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1001

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-07-08T17:55:00.960

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-1001

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1001", "datePublished": "2011-07-08T17:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.957Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:android_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "78801896-CCF5-4020-9AF3-F0C46C51BFF9", "versionEndIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DB46A7A-8BA6-43C7-97A6-ECA620D21A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D4839F4-53B9-4744-8EF1-CECBADCA9916", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "89184F6B-3367-4808-B76F-1F95FBC08B38", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "699EC2A8-1CD3-4DFA-86BC-18E2D5533AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DE3392E-FD2A-4081-9D84-7C014E98BEE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D71C1A6-930F-43C3-8B16-77BE5C14BF81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}, {"lang": "es", "value": "dexdump en Android SDK antes de v2.3 no realiza correctamente la verificaci\u00f3n estructural, lo que permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de dexdump) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo APK o dex mal formado que llama a un m\u00e9todo usando mas argumentos que el n\u00famero que ha sido declarado para ese m\u00e9todo."}], "id": "CVE-2011-1001", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-08T17:55:00.960", "references": [{"source": "secalert@redhat.com", "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}