CVE-2017-11013

HIGH

Google Android - Buffer Overflow

Title source: rule

Description

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound".

Exploits (1)

github WORKING POC 682 stars

by ScottyBauer · cpoc

https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/wifi/CVE-2017-11013.c

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101774

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2017-11-01

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (2)

google/android

Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel

Published Nov 16, 2017

Tracked Since Feb 18, 2026