Computer Security
[EN] no-pyccku

Android / MIUI multiple security vulnerabilities
SecurityVulns ID:14005
Threat Level:
Description:Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow.
Affected:ANDROID : Android 4.3
 MIUI : MIUI 4.1
CVE:CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.)
Original documentdocumentvuln_(at), MIUI Torch Open Vulnerability (14.10.2014)
 documentvuln_(at), MIUI Wifi Connection Message Vulnerability (14.10.2014)
 documentvuln_(at), Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC) (14.10.2014)
 documentvuln_(at), Android NFC Service Denial of Service (14.10.2014)
 documentRoee Hay, Android KeyStore Stack Buffer Overflow (CVE-2014-3100) (14.10.2014)
 documentevanjjohns_(at), CSP Bypass in android browser prior to 4.4 (14.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod