CVE-2011-3918 (GCVE-0-2011-3918)
Vulnerability from cvelistv5 – Published: 2012-10-07 15:00 – Updated: 2024-09-16 17:44
VLAI
Summary
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf | x_refsource_MISC |
| https://code.google.com/p/android-source-browsing… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:31.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-07T15:00:00.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf",
"refsource": "MISC",
"url": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf"
},
{
"name": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3918",
"datePublished": "2012-10-07T15:00:00.000Z",
"dateReserved": "2011-10-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:12.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-3918",
"date": "2026-06-03",
"epss": "0.10066",
"percentile": "0.93217"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-3918\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2012-10-07T15:55:01.080\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.\"},{\"lang\":\"es\",\"value\":\"El proceso Zygote en Android v4.0.3 y anteriores acepta peticiones bifurcadas de procesos con diversos UIDs, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle de reinicio) a trav\u00e9s de una aplicaci\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.3\",\"matchCriteriaId\":\"67A1EB76-07FB-45BA-8970-9C9F1901DFEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0721FD34-5F94-4828-A8AA-EF70FAB71FC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CA4D29-321A-41ED-A75A-1EBB14A771C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C354829-6BEB-4C67-972A-60367073753C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702B40EB-76BC-4686-A46E-D02DBE3A86E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4685EA90-1E01-4FFB-AE31-91FD5D69E2D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33DBF65-09A6-4149-BABE-2FFFBF10C31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B69434-13B2-4A43-AEB0-55E0ED403E54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1755B91-1B6B-4A9E-BB6B-22B399A6DD02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A92E88F-CCED-41D7-AFB7-CE1F9265E546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13D3A00-27A0-4635-9D50-05CA81950691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB959DB-AFE7-4667-9662-949ADAB81CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18669EEC-ABB9-4CE4-8C0E-A88BE08EC368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D64B87-F1F1-4E52-86AE-F28E2C43A9A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AB2497-59DE-4253-A758-A3D03FAEB913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E197EC0-82DF-49D5-BD1A-7EA22EC0B806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286EED24-E011-4009-BC2E-B63CA06072CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E6F4DF-F80F-4A9B-871E-155C0D3DD449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC08431-C70E-4964-B7C0-C9C45F70DCD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2A79C6-A7BD-46C2-8320-B9652135F3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6997F035-D2F5-4174-B979-5D42FF69D9AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86BFE05E-9749-43AA-8DB6-E2F13C2E1759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAAB25F-26E4-4493-B3DA-F87240633031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96CD6B49-B9D4-493E-902D-B4EF48260BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"}]}]}],\"references\":[{\"url\":\"http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core\u0026r=e7fd911fd42b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…