Vulnerability Description
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Android | 2.2 |
Related Weaknesses (CWE)
References
- http://code.google.com/p/android/issues/detail?id=21681
- http://www.openwall.com/lists/oss-security/2011/11/08/3
- http://www.openwall.com/lists/oss-security/2011/11/08/4
- http://www.openwall.com/lists/oss-security/2011/11/10/1
- https://github.com/revolutionary/zergRush/blob/master/zergRush.c
FAQ
What is CVE-2011-3874?
CVE-2011-3874 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the Fram...
How severe is CVE-2011-3874?
CVE-2011-3874 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3874?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.