Vulnerabilities > CVE-2017-13260 - Out-of-bounds Read vulnerability in Google Android
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 8 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Exploit-Db
description Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read. CVE-2017-13258,CVE-2017-13260,CVE-2017-13261,CVE-2017-13262. Dos exploit for A... file exploits/android/dos/44327.py id EDB-ID:44327 last seen 2018-05-24 modified 2018-03-23 platform android port published 2018-03-23 reporter Exploit-DB source https://www.exploit-db.com/download/44327/ title Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read type dos description Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure. CVE-2017-13258,CVE-2017-13260,CVE-2017-13261,CVE-2017-13262. Dos exploit for Android platform file exploits/android/dos/44326.py id EDB-ID:44326 last seen 2018-05-24 modified 2018-03-23 platform android port published 2018-03-23 reporter Exploit-DB source https://www.exploit-db.com/download/44326/ title Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure type dos
Packetstorm
data source https://packetstormsecurity.com/files/download/146884/androidbtbnep-disclose.txt id PACKETSTORM:146884 last seen 2018-03-25 published 2018-03-23 reporter QuarksLab source https://packetstormsecurity.com/files/146884/Android-Bluetooth-BNEP-bnep_data_ind-Remote-Heap-Disclosure.html title Android Bluetooth BNEP bnep_data_ind() Remote Heap Disclosure data source https://packetstormsecurity.com/files/download/146883/androidbnep-oob.txt id PACKETSTORM:146883 last seen 2018-03-25 published 2018-03-23 reporter QuarksLab source https://packetstormsecurity.com/files/146883/Android-Bluetooth-BNEP-BNEP_SETUP_CONNECTION_REQUEST_MSG-Out-Of-Bounds-Read.html title Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-Of-Bounds Read
References
- http://www.securityfocus.com/bid/103253
- http://www.securityfocus.com/bid/103253
- https://source.android.com/security/bulletin/2018-03-01
- https://source.android.com/security/bulletin/2018-03-01
- https://www.exploit-db.com/exploits/44326/
- https://www.exploit-db.com/exploits/44326/
- https://www.exploit-db.com/exploits/44327/
- https://www.exploit-db.com/exploits/44327/