Published:2012/11/14  Last Updated:2013/03/05

JVN#74829345
Multiple Android devices vulnerable to denial-of-service (DoS)

Overview

Multiple Android devices contains a denial-of-service (DoS) vulnerability.

Products Affected

A wide range of products are affected.

For more information, refer to the information provided by the developer or distributor.

Description

Multiple Android devices contain an issue when referencing specific system area, which may lead to a denial-of-service (DoS).

Impact

The device may crash as a result of accessing a specific file.

Solution

Update the software
Update to the latest version according to the information provided by the developer or distributor.

Vendor Status

Vendor Status Last Update Vendor Notes
KDDI CORPORATION Vulnerable 2013/01/09 KDDI CORPORATION website
NTT DOCOMO, INC. Vulnerable 2012/11/14 NTT DOCOMO, INC. website
Panasonic Corporation Not Vulnerable 2012/11/14
SoftBank Vulnerable 2013/03/05

References

JPCERT/CC Addendum

It has been confirmed that this issue was not reproducible on the Android emulator.

Vulnerability Analysis by JPCERT/CC

Credit

Tsukasa Oi of Fourteenforty Research Institue, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2012-000102

Update History

2012/11/16
SoftBank update status
2012/12/10
KDDI CORPORATION update status
2012/12/28
KDDI CORPORATION update status
2013/01/09
KDDI CORPORATION update status
2013/02/19
SoftBank update status
2013/03/05
SoftBank update status