Google Android 4.3 KeyStore Service Local Stack-based Buffer Overflow
Medium Nessus Plugin ID 77761
SynopsisThe version of Google Android running on the mobile device is affected by a local stack-based buffer overflow in the KeyStore service.
DescriptionThe mobile device is running Google Android version 4.3. It is, therefore, affected by a local stack-based buffer overflow in the KeyStore Service. The issue is due to user-supplied input to the 'encode_key' function in the KeyStore service not being properly validated. This allows a local attacker to execute arbitrary code in the context of the application and to disclose sensitive information.
SolutionUpgrade to Google Android 4.4 or later.