← back
CVE-2016-0846

CVE-2016-0846

EPSS 1.2%
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/secmob/CVE-2016-084636githubgithub.com/b0b0505/CVE-2016-0846-PoC1cve_referencewww.exploit-db.com/exploits/39686/unverifiedexploitdbwww.exploit-db.com/exploits/39686unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149http://source.android.com/security/bulletin/2016-04-02.htmlhttps://www.exploit-db.com/exploits/39686/