CVE-2014-1909

Published: May 14, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

Affected (4)

Products: Google: Android Debug Bridge, Android Sdk Platform Tools · Opensuse: Opensuse

2 products

Android Debug Bridge

Android Sdk Platform Tools

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Google Android Debug Bridge	All versions
Google Android Sdk Platform Tools	Version 18.0.1
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Related CWEs

References (10)

http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q1/291

Source: cve@mitre.org

http://www.securityfocus.com/bid/65403

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/91291

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/oss-sec/2014/q1/291

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65403

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/91291

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.