Incorrect Calculation of Buffer Size

CVE-2017-13315

High

7.8/10

Summary

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

Advisory Timeline

Published Nov 19, 2024

Incorrect Calculation of Buffer Size

CVE-2017-13315

Summary

CWE-131 - Incorrect Calculation of Buffer Size

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS