CVE-2017-13291

HIGH

Android 7.0-8.1 - Denial of Service via NULL Pointer Dereference in avrc_ctrl_pars_vendor_rsp

Title source: llm
STIX 2.1

Description

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-04-01

Scores

CVSS v3 7.5
EPSS 0.0108
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (5)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
Published Apr 04, 2018
Tracked Since Feb 18, 2026