Computer Security
[EN] securityvulns.ru no-pyccku


Android / MIUI multiple security vulnerabilities
Published:14.10.2014
Source:
SecurityVulns ID:14005
Type:client
Threat Level:
6/10
Description:Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow.
Affected:ANDROID : Android 4.3
 MIUI : MIUI 4.1
CVE:CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.)
Original documentdocumentvuln_(at)_nipc.org.cn, MIUI Torch Open Vulnerability (14.10.2014)
 documentvuln_(at)_nipc.org.cn, MIUI Wifi Connection Message Vulnerability (14.10.2014)
 documentvuln_(at)_nipc.org.cn, Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC) (14.10.2014)
 documentvuln_(at)_nipc.org.cn, Android NFC Service Denial of Service (14.10.2014)
 documentRoee Hay, Android KeyStore Stack Buffer Overflow (CVE-2014-3100) (14.10.2014)
 documentevanjjohns_(at)_gmail.com, CSP Bypass in android browser prior to 4.4 (14.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod