CVE-2017-18067

CRITICAL

Android - Buffer Overflow in lim_send_auth_mgmt_frame

Title source: llm
STIX 2.1

Description

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-03-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103254

Scores

CVSS v3 9.8
EPSS 0.0307
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-20
Status published
Products (1)
google/android
Published Mar 15, 2018
Tracked Since Feb 18, 2026