CVE-2017-0553

HIGH

Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 - Elevation of Privilege via libnl Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0553. PoCs published by codecat007.

AI-analyzed exploit summary The PoC demonstrates a Netlink message allocation and manipulation vulnerability in Android, likely leading to a denial-of-service (DoS) or memory corruption. The code allocates a Netlink message and appends an oversized payload, which could trigger the vulnerability.

Description

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2017-0553

View Code ZIP pw:eip

The PoC demonstrates a Netlink message allocation and manipulation vulnerability in Android, likely leading to a denial-of-service (DoS) or memory corruption. The code allocates a Netlink message and appends an oversized payload, which could trigger the vulnerability.

Classification

Working Poc 80%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Android (specific version not specified)

No auth needed

Prerequisites: Access to the target system's Netlink interface

MITRE ATT&CK