Heap Overflow Vulnerability in wma_ndp_end_response_event_handler()

Heap Overflow Vulnerability in wma_ndp_end_response_event_handler()

CVE-2017-18070 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.