CVE-2022-36938
EUVD-2022-3959611.11.2022, 00:15
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redex | 𝑥 < 2022-11-04 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
- CWE-1284 - Improper Validation of Specified Quantity in InputThe product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.