CVE-2011-1001 - OpenCVE

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android Sdk

Configuration 1 [-]

OR	cpe:2.3:a:google:android_sdk::::::::
	cpe:2.3:a:google:android_sdk:1.1:::::::*
	cpe:2.3:a:google:android_sdk:1.5:::::::*
	cpe:2.3:a:google:android_sdk:1.6:::::::*
	cpe:2.3:a:google:android_sdk:2.0:::::::*
	cpe:2.3:a:google:android_sdk:2.0.1:::::::*
	cpe:2.3:a:google:android_sdk:2.1:::::::*

No data.

References

Link	Providers
http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220
http://seclists.org/fulldisclosure/2011/Mar/329

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-07-08T17:00:00

Updated: 2024-08-06T22:14:26.957Z

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1001

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-07-08T17:55:00.960

Modified: 2023-11-07T02:06:55.477

Link: CVE-2011-1001

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1001", "datePublished": "2011-07-08T17:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.957Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:android_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "78801896-CCF5-4020-9AF3-F0C46C51BFF9", "versionEndIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DB46A7A-8BA6-43C7-97A6-ECA620D21A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D4839F4-53B9-4744-8EF1-CECBADCA9916", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "89184F6B-3367-4808-B76F-1F95FBC08B38", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "699EC2A8-1CD3-4DFA-86BC-18E2D5533AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DE3392E-FD2A-4081-9D84-7C014E98BEE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D71C1A6-930F-43C3-8B16-77BE5C14BF81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}, {"lang": "es", "value": "dexdump en Android SDK antes de v2.3 no realiza correctamente la verificaci\u00f3n estructural, lo que permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de dexdump) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo APK o dex mal formado que llama a un m\u00e9todo usando mas argumentos que el n\u00famero que ha sido declarado para ese m\u00e9todo."}], "id": "CVE-2011-1001", "lastModified": "2023-11-07T02:06:55.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-08T17:55:00.960", "references": [{"source": "secalert@redhat.com", "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}