Arbitrary Code Execution via Integer Signedness Error in ADB Client

CVE-2014-1909 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

Learn more about our Cis Benchmark Audit For Google Android.