Integer Overflow Vulnerability in Bionic libc for Android
CVE-2012-2674

Currently unrated

Key Information:

Vendor: Google
Status: Bionic
Vendor: CVE Published:; 25 July 2012

Summary

Multiple integer overflow vulnerabilities exist in the chk_malloc, leak_malloc, and leak_memalign functions of Bionic libc for Android. When debugging features are enabled, these flaws can allow context-dependent attackers to exploit memory-related vulnerabilities, increasing the risk of attacks such as buffer overflows. By utilizing large size values, attackers may cause low memory allocation, leading to potential memory corruption and application instability.

References

http://kqueue.org/blog/2012/03/05/memory-allocator-securi...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2012/06/05/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/06/07/13

mailing-listx_refsource_MLIST

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 25, 2012