Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2017-9714

Published: 10/10/2017 Updated: 19/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Android

Vulnerability Summary

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request.

Vulnerable Product Search on Vulmon Subscribe to Product

google android 8.0

Recent Articles

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now
The Register • Richard Chirgwin • 07 Nov 2017

As researcher pleads with you not to brand bugs with a logo Over a million Android users fooled by fake WhatsApp app in official Google Play Store

A security researcher has turned up new ways to silently hijack and infect Android devices via malicious Wi-Fi packets over the air. Scotty Bauer, a Linux kernel developer, described in detail on Monday how he found a bunch of exploitable programming blunders in the qcacld Wi-Fi driver that supports Qualcomm Atheros chipsets. These chips and their associated driver are used in a number of Android phones, tablets, routers, and other gizmos, including some Pixel and Nexus 5 handhelds, for wireless...

Read more...
Patch your Android, peeps, it has up to 14 nasty flaws to flog
The Register • Iain Thomson in San Francisco • 03 Oct 2017

There's a nasty bug in media file handling – deja vu, right?

Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege escalation bugs can be used by dodgy apps to gain control of handsets and tablets. There's also a remote-code execution flaw in the Dnsmasq tool used by Android. Details ...

Read more...

References

CWE-119https://source.android.com/security/bulletin/2017-10-01http://www.securityfocus.com/bid/101117https://nvd.nist.govhttps://www.theregister.co.uk/2017/11/07/android_wifi_pwnage_emerges/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook