CVE-2022-36938: The Redex Loader in DexClassLoader prior to 3b44c64 can load an out-of-bounds address, which could lead to remote code execution.

This issue has been addressed by updating Redex to commit 1b0506f. Redex is a fast, efficient and dynamic knowledge management system, which can be used to process 3rd party Android APK files. Redex is publicly available as an open source project on GitHub. Redex uses dex files to load data, including types and fields. These dex files are generated by the Android build system and are validated by the Android Virtual Device (AVD) manager before they are loaded into Redex. Android is an active, dynamic and ever-changing platform, which means that Redex needs to be updated to stay ahead of the curve. Redex is an actively maintained project with a team of active contributors.

What is Redex?

Redex is a knowledge management system that has been designed to meet the needs of developers and organizations who work with Android. It serves as a repository for information about 3rd party Android APK files, such as their metadata, types and fields, so that everyone can quickly find what they are looking for and use this information to make the best possible decision when handling these files.
It uses dex files to load data, including types and fields, which are generated by the Android build system and are validated by the Android Virtual Device (AVD) manager before they are loaded into Redex.
Redex is an actively maintained project with a team of active contributors.

Issue description and scope

The issue is with Redex and how it processes 3rd party Android APK files. This issue has been resolved by updating Redex to commit 1b0506f.
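
An out-of-bounds load of the kind the CVE summary describes is prevented by checking every count and offset read from a dex file against the file length before any table entry is dereferenced. The C sketch below is an added example, not Redex's code or its fix; the header positions are those of the public dex format, and the function names and the sample buffer are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEX_HEADER_SIZE 0x70u

/* Header positions of (count, offset) pairs and item sizes for the type and
   field tables, taken from the public dex format, not from Redex's code. */
typedef struct { const char *name; size_t count_at, off_at; uint32_t item_size; } dex_table;
static const dex_table TABLES[] = {
    {"type_ids",  0x40, 0x44, 4},
    {"field_ids", 0x50, 0x54, 8},
};

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32le(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns 0 when every table lies inside buf[0..len); negative otherwise. */
int dex_tables_in_bounds(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < DEX_HEADER_SIZE) return -1;   /* truncated header */
    if (memcmp(buf, "dex\n", 4) != 0) return -2;           /* wrong magic */
    for (size_t i = 0; i < sizeof TABLES / sizeof TABLES[0]; i++) {
        uint64_t count = rd32le(buf + TABLES[i].count_at);
        uint64_t off = rd32le(buf + TABLES[i].off_at);
        if (count == 0) continue;                          /* empty table */
        uint64_t bytes = count * TABLES[i].item_size;      /* 64-bit, cannot wrap */
        if (off < DEX_HEADER_SIZE || off > len || bytes > len - off) return -3;
    }
    return 0;
}

/* Constructed sample input: a zeroed dex-like buffer with one type_ids table. */
static void make_sample(uint8_t *buf, size_t len, uint32_t count, uint32_t off) {
    memset(buf, 0, len);
    memcpy(buf, "dex\n035", 8);
    wr32le(buf + 0x40, count);
    wr32le(buf + 0x44, off);
}

int main(void) {
    uint8_t buf[0x80];
    make_sample(buf, sizeof buf, 4, 0x70);        /* 16 bytes at 0x70: fits */
    printf("valid table:   %d\n", dex_tables_in_bounds(buf, sizeof buf));
    make_sample(buf, sizeof buf, 4, 0x7fffff00);  /* offset far past the end */
    printf("hostile table: %d\n", dex_tables_in_bounds(buf, sizeof buf));
    return 0;
}
```

The size comparison is written as `bytes > len - off` after `off > len` has been ruled out, so neither side can wrap; a 32-bit `off + bytes` would overflow for hostile counts and pass the check.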

CVE-2023-36949

This issue has been addressed by updating Redex to commit 1b0506f. Redex is a fast, efficient and dynamic knowledge management system, which can be used to process 3rd party Android APK files. Redex is publicly available as an open source project on GitHub.
Redex uses dex files to load data, including types and fields. These dex files are generated by the Android build system and are validated by the Android Virtual Device (AVD) manager before they are loaded into Redex. Android is an active, dynamic and ever-changing platform, which means that Redex needs to be updated to stay ahead of the curve. Redex is an actively maintained project with a team of active contributors.

Details of Redex

Redex is a knowledge management system written in Java and JavaScript. It is designed to be fast, efficient and dynamic. Redex can be used to process 3rd party Android APK files, extracting information such as types, fields, values and build data. Redex uses dex files to load this data into its database. These dex files are generated by the Android build system and are validated by the AVD manager before they are loaded into Redex.
Redex has a range of features that make it a powerful tool for quickly processing large amounts of data. The main features include:
- Creating queries using SQL syntax
- Executing these queries on multiple result sets
- Processing multiple dex files at the same time
- Parsing JSON content (e.g., from ActivityRecorder)
- Providing RESTful services that can be called by other applications
