CVEs-PoC/2017/CVE-2017-13208.md

### [CVE-2017-13208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13208)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.1.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.1.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.1.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brightgreen)

### Description

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ActorExpose/CVE-2017-11882
- https://github.com/idanshechter/CVE-2017-13208-Scanner