In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2018-04-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2018-04-04T16:00:00Z
Updated: 2024-09-17T03:34:19.991Z
Reserved: 2017-08-23T00:00:00
Link: CVE-2017-13282
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-04-04T16:29:00.760
Modified: 2018-05-09T13:10:37.537
Link: CVE-2017-13282
Redhat
No data.