Open Source and information security mailing list archives
Message-ID: <CANWcMaWLegnxbQiXzHkx2tg-OXD+cKg2TSdR0QzcapddcfHV0g@mail.gmail.com>
Date: Mon, 3 Sep 2018 17:46:40 +0300
From: Veysel hataş <vhatas@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Android Dexdump Buffer Overflow Vulnerability

Title : Android Dexdump Buffer Overflow Vulnerability
Discoverer: Veysel HATAS (vhatas@...il.com)
Web page : wise.cs.hacettepe.edu.tr
Test: Nexus 4 Android 5.1.1
Status: Not Fixed
Severity : High
Discovered: 04 February 2018
Reported: 03 August 2018
Published: -

Description :
dexdump contains a flaw that is triggered as user-supplied input is not
properly sanitized when handling a specially crafted dex file. This bug is
triggered in "/system/lib/libz.so" native library. This may allow a
context-dependent attacker to corrupt memory and cause a denial of service
or potentially execute arbitrary code.

-- 
----
Veysel HATAŞ
Security Researcher
Blog: http://www.binarysniper.net
Twitter: https://twitter.com/muh4f1z
PGP key: http://www.binarysniper.net/p/veysels-ublic-pgp-key.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/