Lucene search

[email protected]CVE-2014-3100

HistoryJul 02, 2014 - 4:14 a.m.

CVE-2014-3100

2014-07-0204:14:17

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-3100

buffer overflow

android security

keystore

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.

Affected configurations

NVD

Node

googleandroidMatch4.3

CPENameOperatorVersion
google:androidgoogle androideq4.3

CPE	Name	Operator	Version
google:android	google android	eq	4.3

References

packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html

securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/

www.securityfocus.com/archive/1/532527/100/0/threaded

www.securityfocus.com/bid/68152

www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2014-3100

securityvulns3 prion1 nvd1 android1 cvelist1