CVE-2017-13281

CRITICAL

Android 8.0, 8.1 - Remote Code Execution via Stack Buffer Overflow in avrc_pars_browsing_cmd

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13281. PoCs published by codecat007.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2017-13281, targeting a buffer overflow vulnerability in the Bluedroid Bluetooth stack. The code demonstrates the exploitation of the AVRCP (Audio/Video Remote Control Profile) protocol, specifically in the handling of crafted packets.

Description

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/Bluedroid/avrcp_CVE-2017-13281.c

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluedroid Bluetooth stack (Android)
No auth needed
Prerequisites: Bluetooth connectivity to the target device · Target device with vulnerable Bluedroid stack
devstral-2 · analyzed Feb 27, 2026

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-04-01

Scores

CVSS v3 9.8
EPSS 0.0150
EPSS Percentile 81.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status published
Products (2)
google/android 8.0
google/android 8.1
Published Apr 04, 2018
Tracked Since Feb 18, 2026