Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2017-11015

Published: 16/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Android

Vulnerability Summary

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes.

Vulnerable Product Search on Vulmon Subscribe to Product

google android -

Recent Articles

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now
The Register • Richard Chirgwin • 07 Nov 2017

As researcher pleads with you not to brand bugs with a logo Over a million Android users fooled by fake WhatsApp app in official Google Play Store

A security researcher has turned up new ways to silently hijack and infect Android devices via malicious Wi-Fi packets over the air. Scotty Bauer, a Linux kernel developer, described in detail on Monday how he found a bunch of exploitable programming blunders in the qcacld Wi-Fi driver that supports Qualcomm Atheros chipsets. These chips and their associated driver are used in a number of Android phones, tablets, routers, and other gizmos, including some Pixel and Nexus 5 handhelds, for wireless...

Read more...
KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact
The Register • Shaun Nichols in San Francisco • 07 Nov 2017

Update your firmware ASAP to avoid being hacked Google's answer to the Pixel 2 XL CRT-style screen burn in: Lower the brightness

Google has released its November security update for Android, addressing a bag of security holes. You should install them as soon as they are available for your phone, tablet and other gadgets. Depending on your mobile carrier and device manufacturer, they may arrive immediately, soon, late or never. Among the holes covered by the release is the KRACK Wi-Fi key reinstallation flaw that made headlines last month after researchers described how the flaw could potentially allow eavesdropping on nea...

Read more...

References

CWE-120https://source.android.com/security/bulletin/2017-11-01http://www.securityfocus.com/bid/101774https://nvd.nist.govhttps://www.theregister.co.uk/2017/11/07/android_wifi_pwnage_emerges/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook