Security Advisory

CVE-2022-36938

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-10 00:00:00

Last updated 2025-05-01 13:48:31

Assigner facebook

State PUBLISHED

Description

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.

← Browse all CVEs View on cve.org ↗