QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1001

Published: Jul 8, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://android.git.kernel.org/?p=platform/dalvik.git%3Ba=commit%3Bh=4b0750e8df91220690bb417f45d7ae8b7851b220

x_refsource_CONFIRM

20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.