Vulnerability Details : CVE-2014-3100
Potential exploit
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-3100
- cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3100
1.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3100
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2014-3100
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3100
-
http://www.securityfocus.com/bid/68152
Android KeyStore Service CVE-2014-3100 Stack Buffer Overflow Vulnerability
-
http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/
Android KeyStore Stack Buffer OverflowExploit
-
http://www.securityfocus.com/archive/1/532527/100/0/threaded
SecurityFocus
-
http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow
Android KeyStore Stack Buffer Overflow (CVE-2014-3100)Exploit
-
http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html
Android KeyStore Stack Buffer Overflow ≈ Packet Storm
Jump to