CVE-2022-36938

Published: Nov 10, 2022

Modified: May 1, 2025

PUBLISHED

Description

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.

Vendor	Product	Versions
Facebook	Redex	affected `unspecified - < 3b44c64`

Weaknesses (CWE)

CWE-125

References

https://github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-36938

Description

Affected Products

Weaknesses (CWE)

References