CVE-2021-25461

Published: 09/09/2021 Updated: 26/04/2022

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 410

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.1

CVE-2021-25461 This is a repo with the Proof of Concept for the CVE discovered for the SAUSAGE (Security Analysis of Unix domain Socket usAGE in Android) paper that was accepted to EuroS&P 2022 I worked on this paper with Mounir Elgharabawy, the one who discovered the vuln and wrote the Proof of Concept His repo on the CVE can be seen here All details can be seen in

SAUSAGE SAUSAGE is a static analysis tool that identifies accessible Unix domain sockets given an Android firmware image SAUSAGE relies on a fork of BigMAC to process Android security policies from Android firmware It queries BigMAC for the system services that an untrusted app can communicate with using Unix domain sockets according to the firmware's SELinux policy For

CWE-787 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 https://nvd.nist.gov https://github.com/bkojusner/CVE-2021-25461

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-25461

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect