Published: 04/04/2018 Updated: 08/05/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 6.0
google android 7.0
google android 7.1.1
google android 7.1.2
google android 8.0
google android 5.1.1
google android 6.0.1
google android 8.1

import os import sys import struct import bluetooth BNEP_PSM = 15 BNEP_FRAME_CONTROL = 0x01 # Control types (parsed by bnep_process_control_packet() in bnep_utilscc) BNEP_SETUP_CONNECTION_REQUEST_MSG = 0x01 def oob_read(src_bdaddr, dst): bnep = bluetoothBluetoothSocket(bluetoothL2CAP) bnepsettimeout(5) bnepbind((src_bdaddr, ...

import os import sys import struct import bluetooth BNEP_PSM = 15 BNEP_FRAME_COMPRESSED_ETHERNET = 0x02 LEAK_ATTEMPTS = 20 def leak(src_bdaddr, dst): bnep = bluetoothBluetoothSocket(bluetoothL2CAP) bnepsettimeout(5) bnepbind((src_bdaddr, 0)) print 'Connecting to BNEP' bnepconnect((dst, BNEP_PSM)) bnepsettimeout( ...

CWE-125 https://source.android.com/security/bulletin/2018-03-01 https://www.exploit-db.com/exploits/44327/https://www.exploit-db.com/exploits/44326/http://www.securityfocus.com/bid/103253 https://nvd.nist.gov https://www.exploit-db.com/exploits/44327/

CVE-2017-13261

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect