Project

General

Profile

Issue #1311

Android KeyStore Stack Buffer Overflow - CVE-2014-3100

Added by My Self almost 6 years ago. Updated almost 6 years ago.

Status:
Rejected
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
03/30/2015
Due date:
% Done:

100%

Estimated time:
Resolution:
invalid
Device:
Grant:
Type of work:

Description

Replicant seems not to be affected to the vulnerability, listed here: http://redmine.replicant.us/boards/39/topics/8283?r=10425#message-10425
More details: https://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/
But why not adding the the "test for keystore crashing"-patch anyway?

Solution/Patches
AOSP patch: https://android.googlesource.com/platform/cts/+/cb35803


Files

CVE-2014-3100.zip (2.96 KB) CVE-2014-3100.zip My Self, 08/26/2015 11:42 AM

Also available in: Atom PDF