exploitDog

CVE-2017-11035

Опубликовано: 16 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.

Ссылки

https://source.android.com/security/bulletin/pixel/2017-11-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2018-01-01
https://source.android.com/security/bulletin/pixel/2017-11-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2018-01-01

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00017

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-8wgp-rhgm-7ghc

CVSS3: 7.8

github

больше 3 лет назад

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.

EPSS

Процентиль: 3%

0.00017

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-125