What is CVE-2014-7911?

CVE-2014-7911 is a vulnerability in Google Android, classified under CWE-264. Published 2014-12-15.

Is CVE-2014-7911 known to be exploited?

31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Android

CVE-2014-7911

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allo…

EPSS: 0.822 (99.2th percentile) — read the EPSS interpretation.

Affected products

Google Android — versions 1.0, 1.1, 1.5
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

retme7/CVE-2014-7911_poc
GeneBlue/cve-2014-7911-exp
heeeeen/CVE-2014-7911poc
ele7enxxh/CVE-2014-7911
koozxcv/CVE-2014-7911-CVE-2014-4322_get_root_privilege
koozxcv/CVE-2014-7911
CytQ/CVE-2014-7911_
GhostTroops/TOP
IMCG/awesome-c
JERRY123S/all-poc

References

chrome-cve-admin@google.com (x_refsource_CONFIRM)
20141119 CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2014-7911?: CVE-2014-7911 is a vulnerability in Google Android, classified under CWE-264. Published 2014-12-15.
Is CVE-2014-7911 known to be exploited?: 31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.