Possible Out of Bounds Write in attp_build_value_cmd Could Lead to Remote Code Execution

CVE-2024-0039

Currently unrated 🤨

Key Information

Vendor: Google
Status: Android
Vendor: CVE Published:; 11 March 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Version(s)

Android = 14

Android = 13

Android = 12L

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0039-Exploit
Created by 41yn14

News Articles

securityonline.info

CVE-2024-0039

CVE-2024-0039: Critical Android Remote Code Execution Vulnerability

CVE-2024-0039 is a critical security flaw in the System component that could lead to RCE with no additional execution privileges needed

9 months ago

Timeline

👾
Exploit exists.
Aug 2, 2024
Vulnerability published.
Mar 11, 2024
First article discovered by securityonline.info
Mar 4, 2024
Vulnerability Reserved.
Nov 16, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)