CVE-2011-1001 - OpenCVE

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android Sdk

Configuration 1 [-]

OR	cpe:2.3:a:google:android_sdk::::::::
	cpe:2.3:a:google:android_sdk:1.1:::::::*
	cpe:2.3:a:google:android_sdk:1.5:::::::*
	cpe:2.3:a:google:android_sdk:1.6:::::::*
	cpe:2.3:a:google:android_sdk:2.0:::::::*
	cpe:2.3:a:google:android_sdk:2.0.1:::::::*
	cpe:2.3:a:google:android_sdk:2.1:::::::*

References

Link	Resource
http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220
http://seclists.org/fulldisclosure/2011/Mar/329

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-07-08T17:00:00

Updated: 2011-09-07T09:00:00

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1001

JSON object: View

NVD Information

Status : Modified

Published: 2011-07-08T17:55:00.960

Modified: 2023-11-07T02:06:55.477

Link: CVE-2011-1001

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"name": "20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1001", "datePublished": "2011-07-08T17:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2011-09-07T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:android_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "78801896-CCF5-4020-9AF3-F0C46C51BFF9", "versionEndIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DB46A7A-8BA6-43C7-97A6-ECA620D21A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D4839F4-53B9-4744-8EF1-CECBADCA9916", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "89184F6B-3367-4808-B76F-1F95FBC08B38", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "699EC2A8-1CD3-4DFA-86BC-18E2D5533AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DE3392E-FD2A-4081-9D84-7C014E98BEE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:android_sdk:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D71C1A6-930F-43C3-8B16-77BE5C14BF81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method."}, {"lang": "es", "value": "dexdump en Android SDK antes de v2.3 no realiza correctamente la verificaci\u00f3n estructural, lo que permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de dexdump) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo APK o dex mal formado que llama a un m\u00e9todo usando mas argumentos que el n\u00famero que ha sido declarado para ese m\u00e9todo."}], "id": "CVE-2011-1001", "lastModified": "2023-11-07T02:06:55.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-08T17:55:00.960", "references": [{"source": "secalert@redhat.com", "url": "http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2011/Mar/329"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}