CVE-2022-36938

Summary

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.

Affected Software

VendorProductVersion RangeStatus
FacebookRedexunspecified < 3b44c64affected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read, CWE-822: Untrusted Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References