CVE-2013-1773

Linux Kernel < 3.3 - Buffer Overflow in VFAT Filesystem UTF-8 to UTF-16 Conversion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1773. PoCs published by G13.

AI-analyzed exploit summary This exploit triggers a local DoS in Android kernels 2.6 by writing a filename of 2048+ characters to the sdcard (vfat fs) repeatedly, causing a system restart. The PoC demonstrates the vulnerability by creating an overly long filename and attempting to open it in a loop.

Description

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.

Exploits (1)

exploitdb WORKING POC VERIFIED

by G13 · textdosandroid

https://www.exploit-db.com/exploits/23248

View Code ZIP pw:eip

This exploit triggers a local DoS in Android kernels 2.6 by writing a filename of 2048+ characters to the sdcard (vfat fs) repeatedly, causing a system restart. The PoC demonstrates the vulnerability by creating an overly long filename and attempting to open it in a loop.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Android Kernel 2.6 (Android 2.2, 2.3)

No auth needed

Prerequisites: Access to the device's sdcard directory · Android device with kernel 2.6

MITRE ATT&CK