2024-11-26
:
This article describes a critical vulnerability (CVE-2024-0039) in the Android operating system. The vulnerability exists due to a missing bounds check in the attp_build_value_cmd function of att_protocol.cc. This flaw can be exploited by attackers to remotely execute code on an affected device without requiring any additional privileges from the user.
Vulnerability Details:
Platform: Android
Version: Not specified (all versions potentially affected)
Vulnerability: Out-of-bounds write due to missing bounds check
Severity: Critical (allows remote code execution)
Date: Published: 2024-03-11, Last Modified: 2024-11-26
What Undercode Says:
This vulnerability is critical and poses a serious risk to Android devices. It is important to apply security patches from your device manufacturer as soon as they become available. Users should also be cautious when connecting to untrusted Bluetooth devices.
Additional Notes:
A CVSS score has not yet been assigned to this vulnerability.
Specific affected Android versions are not mentioned, but all versions are likely impacted.
Disclaimer: This information is for educational purposes only. It is recommended to consult with a security professional for further guidance.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help