CVE-2017-8259

HIGH

Google Android - Buffer Overflow

Title source: rule

Description

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

Exploits (1)

github WORKING POC 682 stars

by ScottyBauer · cpoc

https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/CVE-2017-8259

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99465

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2017-07-01

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (2)

google/android

Qualcomm, Inc./All Qualcomm products All Android releases from CAF using the Linux kernel

Published Aug 11, 2017

Tracked Since Feb 18, 2026