Out-of-bounds Write Vulnerability in Audioserver with Local Information Disclosure

Out-of-bounds Write Vulnerability in Audioserver with Local Information Disclosure

CVE-2017-13232 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.

Learn more about our Cis Benchmark Audit For Apple Ios.