Arbitrary Code Execution Vulnerability in Android Due to Input Validation Flaw
CVE-2024-40673
6.5MEDIUM
Summary
The vulnerability in Android's ZipFile.java allows attackers to exploit improper input validation during Dynamic Code Loading. By manipulating this aspect, an attacker can execute arbitrary code without needing additional privileges or user interaction. This flaw poses a significant risk as it enables potential remote code execution, compromising system integrity and security.
Affected Version(s)
Android 14
Android 13
Android 12L
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved