What is the severity of CVE-2011-1001?

CVE-2011-1001 has been classified as a medium severity vulnerability.

How do I fix CVE-2011-1001?

To fix CVE-2011-1001, upgrade to a version of the Android SDK later than 2.3.

What does CVE-2011-1001 affect?

CVE-2011-1001 affects versions of the Android SDK prior to 2.3.

What type of attacks can CVE-2011-1001 facilitate?

CVE-2011-1001 can facilitate denial of service attacks and potentially allow arbitrary code execution.

Can CVE-2011-1001 be exploited remotely?

CVE-2011-1001 can be exploited by user-assisted remote attackers using a malformed APK or dex file.

Vulnerability/
CVE-2011-1001

medium

4.3

CWE

8/7/2011

6/8/2024

CVE-2011-1001: Input Validation

First published: Fri Jul 08 2011(Updated: )

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Google Android SDK	=1.6
Google Android SDK	=1.5
Google Android SDK	<=2.2
Google Android SDK	=2.1
Google Android SDK	=1.1
Google Android SDK	=2.0
Google Android SDK	=2.0.1

Remedy

http://android.git.kernel.org/?p=platform/dalvik.git;a=commit;h=4b0750e8df91220690bb417f45d7ae8b7851b220

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1001?
CVE-2011-1001 has been classified as a medium severity vulnerability.
How do I fix CVE-2011-1001?
To fix CVE-2011-1001, upgrade to a version of the Android SDK later than 2.3.
What does CVE-2011-1001 affect?
CVE-2011-1001 affects versions of the Android SDK prior to 2.3.
What type of attacks can CVE-2011-1001 facilitate?
CVE-2011-1001 can facilitate denial of service attacks and potentially allow arbitrary code execution.
Can CVE-2011-1001 be exploited remotely?
CVE-2011-1001 can be exploited by user-assisted remote attackers using a malformed APK or dex file.

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/remedy
agent/last-modified-date
agent/references
agent/description
agent/tags
agent/event
agent/first-publish-date
agent/source
vendor/google
canonical/google android sdk
version/google android sdk/1.6
version/google android sdk/1.5
version/google android sdk/2.2
version/google android sdk/2.1
version/google android sdk/1.1
version/google android sdk/2.0
version/google android sdk/2.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2011-1001?
CVE-2011-1001 has been classified as a medium severity vulnerability.
How do I fix CVE-2011-1001?
To fix CVE-2011-1001, upgrade to a version of the Android SDK later than 2.3.
What does CVE-2011-1001 affect?
CVE-2011-1001 affects versions of the Android SDK prior to 2.3.
What type of attacks can CVE-2011-1001 facilitate?
CVE-2011-1001 can facilitate denial of service attacks and potentially allow arbitrary code execution.
Can CVE-2011-1001 be exploited remotely?
CVE-2011-1001 can be exploited by user-assisted remote attackers using a malformed APK or dex file.