CVE-2011-1001
Android SDK < 2.3 - Denial of Service via Malformed APK or Dex File
Title source: llmDescription
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.
References (2)
Core 2
Core References
Patch x_refsource_confirm
http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Mar/329
Scores
EPSS
0.0123
EPSS Percentile
65.4%
Details
CWE
CWE-20
Status
published
Products (7)
google/android_sdk
1.1
google/android_sdk
1.5
google/android_sdk
1.6
google/android_sdk
2.0
google/android_sdk
2.0.1
google/android_sdk
2.1
google/android_sdk
< 2.2
Published
Jul 08, 2011
Tracked Since
Feb 18, 2026