Unrated severityNVD Advisory· Published May 14, 2014· Updated May 6, 2026

CVE-2014-1909

Description

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.

Affected products

Google/Android Debug Bridge
cpe:2.3:a:google:android_debug_bridge:-:*:*:*:*:*:*:*
Google/Android Sdk Platform Tools
cpe:2.3:a:google:android_sdk_platform_tools:18.0.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/65403nvdExploit
lists.opensuse.org/opensuse-updates/2014-05/msg00038.htmlnvd
lists.opensuse.org/opensuse-updates/2014-05/msg00039.htmlnvd
seclists.org/oss-sec/2014/q1/291nvd
exchange.xforce.ibmcloud.com/vulnerabilities/91291nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000