CVE-2011-3874

Published Jan 27, 2012

Last updated a year ago

Overview

Description: Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
Source: chrome-cve-admin@google.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78B69434-13B2-4A43-AEB0-55E0ED403E54"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1755B91-1B6B-4A9E-BB6B-22B399A6DD02"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A92E88F-CCED-41D7-AFB7-CE1F9265E546"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D13D3A00-27A0-4635-9D50-05CA81950691"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18669EEC-ABB9-4CE4-8C0E-A88BE08EC368"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61D64B87-F1F1-4E52-86AE-F28E2C43A9A8"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83AB2497-59DE-4253-A758-A3D03FAEB913"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E197EC0-82DF-49D5-BD1A-7EA22EC0B806"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286EED24-E011-4009-BC2E-B63CA06072CE"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E6F4DF-F80F-4A9B-871E-155C0D3DD449"
          },
          {
            "criteria": "cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC08431-C70E-4964-B7C0-C9C45F70DCD2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References