Denial of Service Vulnerability in Android SDK by Google
CVE-2011-1001

Currently unrated

Key Information:

Vendor: Google
Status: Android Sdk
Vendor: CVE Published:; 8 July 2011

What is CVE-2011-1001?

The dexdump tool in the Android SDK, prior to version 2.3, is susceptible to improper structural verification. This flaw allows user-assisted remote attackers to trigger a denial of service via a specially crafted APK or dex file that invokes methods with incorrect argument counts exceeding declared registers. This could result in the dexdump crashing and potentially executing arbitrary code if exploited.

References

http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2011/Mar/329

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2011
Vulnerability Reserved
Feb 14, 2011