CVE-2024-34740

HIGH

Android - Integer Overflow in BinaryXmlSerializer

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34740. PoCs published by michalbednarski.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-34740, leveraging a vulnerability in Android's Binary XML format to achieve privilege escalation by manipulating the `install_sessions.xml` file. The exploit involves injecting a malicious byte array to alter the installation path, allowing arbitrary code execution within the `system_server` context.

Description

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WORKING POC 51 stars

by michalbednarski · poc

https://github.com/michalbednarski/AbxOverflow

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-34740, leveraging a vulnerability in Android's Binary XML format to achieve privilege escalation by manipulating the `install_sessions.xml` file. The exploit involves injecting a malicious byte array to alter the installation path, allowing arbitrary code execution within the `system_server` context.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Android (specific versions affected by CVE-2024-34740)

No auth needed

Prerequisites: Access to an Android device with the vulnerable Binary XML parser · Ability to write to the `install_sessions.xml` file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Patch

https://android.googlesource.com/platform/frameworks/base/+/e8b6505647be558ed3a167a1e13c53dfc227d22b

Mailing List, Patch

https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/700c28908051ceb55e1456d2d21229bc17c6895a

Patch, Vendor Advisory

https://source.android.com/security/bulletin/2024-08-01

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-190 CWE-91

Status published

Products (4)

google/android 12.0

google/android 12.1

google/android 13.0

google/android 14.0

Published Aug 15, 2024

Tracked Since Feb 18, 2026