Android Dexdump Buffer Overflow

Android Dexdump, tested on Nexus 4 with Android 5.1.1, was found to have a buffer overflow vulnerability.

MD5 | beba8773ab7dd8bbd262ba56aaa9caa8

Title : Android Dexdump Buffer Overflow Vulnerability
Discoverer: Veysel HATAS ([email protected])
Web page :
Test: Nexus 4 Android 5.1.1
Status: Not Fixed
Severity : High

Discovered: 04 February 2018
Reported: 03 August 2018
Published: -

Description : dexdump contains a flaw that is triggered as user-supplied
input is not properly sanitized when handling a specially crafted dex file.
This bug is triggeredin a/system/lib/" native library. This may
allow a context-dependent attacker to corrupt memory and cause a denial of
service or potentially execute arbitrary code.

Veysel HATAA
Security Researcher

PGP key:

Related Posts