Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Android KeyStore Service 基于栈的缓冲区溢出漏洞
Vulnerability Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。 Android 4.3版本的KeyStore服务的/system/bin/keystore URI中的‘encode_key’函数存在基于栈的缓冲区溢出漏洞。远程攻击者可借助长的密钥名利用该漏洞执行任意代码,获取敏感的密钥信息,或绕过加密操作既定的限制。
CVSS Information
N/A
Vulnerability Type
N/A