A vulnerability was found in Google Android 2.2/2.3 (Smartphone Operating System). It has been declared as problematic. This vulnerability affects an unknown part of the component Filename Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was presented 12/09/2012 by G13 as 69 as confirmed mailinglist post (Bugtraq). The advisory is shared for download at seclists.org. The public release happened without coordination with the vendor. This vulnerability was named CVE-2013-1773. The exploitation appears to be easy. The attack needs to be approached locally. A single authentication is necessary for exploitation. Technical details are unknown but a public exploit is available.

A public exploit has been developed by G13 (G13) and been published immediately after the advisory. It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350544 (Amazon Linux Security Advisory for kernel: ALAS-2013-200).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (80587) and Exploit-DB (23248).

Productinfo

Type

• Smartphone Operating System

Vendor

• Google

Name

• Android

Version

• 2.2
• 2.3

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion