CVE-2014-1909 - Vulnerability Details - OpenCVE

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0078.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android Debug Bridge Android Sdk Platform Tools
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:a:google:android_debug_bridge:-:::::::*
	cpe:2.3:a:google:android_sdk_platform_tools:18.0.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-1970	Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html
http://seclists.org/oss-sec/2014/q1/291
http://www.securityfocus.com/bid/65403
https://exchange.xforce.ibmcloud.com/vulnerabilities/91291

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-14T00:00:00

Updated: 2024-08-06T09:58:15.753Z

Reserved: 2014-02-07T00:00:00

Link: CVE-2014-1909

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-14T00:55:08.570

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-1909

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2014:0636", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html"}, {"name": "openSUSE-SU-2014:0637", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html"}, {"name": "[oss-security] 20140208 Re: CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/291"}, {"name": "androidsdk-cve20141909-bo(91291)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91291"}, {"name": "65403", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65403"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1909", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0636", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html"}, {"name": "openSUSE-SU-2014:0637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html"}, {"name": "[oss-security] 20140208 Re: CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools)", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/291"}, {"name": "androidsdk-cve20141909-bo(91291)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91291"}, {"name": "65403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65403"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.753Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:0636", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html"}, {"name": "openSUSE-SU-2014:0637", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html"}, {"name": "[oss-security] 20140208 Re: CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q1/291"}, {"name": "androidsdk-cve20141909-bo(91291)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91291"}, {"name": "65403", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65403"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1909", "datePublished": "2014-05-14T00:00:00", "dateReserved": "2014-02-07T00:00:00", "dateUpdated": "2024-08-06T09:58:15.753Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:android_debug_bridge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E17344F7-021A-4913-9D50-9B3A4268AC88", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk_platform_tools:18.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6429DA3-FD42-40FD-9F37-E13D38E208A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow."}, {"lang": "es", "value": "Error de signo de enteros en system/core/adb/adb_client.c en Android Debug Bridge (ADB) para Android 4.4 en las herramientas de plataforma de Android SDK 18.0.1 permite a servidores ADB ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor de longitud negativo, lo que evade una comparaci\u00f3n de signo y provoca un desbordamiento de buffer basado en pila."}], "id": "CVE-2014-1909", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-14T00:55:08.570", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/291"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/65403"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q1/291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/65403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91291"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}