QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2494

Published: Jun 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d

x_refsource_CONFIRM

http://packetstormsecurity.com/files/137404/Android-system-bin-sdcard-Stack-Buffer-Overflow.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

http://source.android.com/security/bulletin/2016-06-01.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.