CVE-2014-3100
Android 4.3 - Stack-Based Buffer Overflow in KeyStore Service via Long Key Name
Title source: llmDescription
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532527/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68152
Exploit x_refsource_misc
http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow
Scores
EPSS
0.0176
EPSS Percentile
75.3%
Details
CWE
CWE-119
Status
published
Products (1)
google/android
4.3
Published
Jul 02, 2014
Tracked Since
Feb 18, 2026