We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3.
The issue was patched in Android 4.4.
As an anecdote, the vulnerable source code contains the following comment:

/* KeyStore is a secured storage for key-value pairs. In this implementation, 
 * each file stores one key-value pair. Keys are encoded in file names, and
 * values are encrypted with checksums. The encryption key is protected by a 
 * user-defined password. To keep things simple, buffers are always larger than 
 * the maximum space we needed, so boundary checks on buffers are omitted. 
 */ 
Though things are simple, buffers are not always larger than the maximum space they needed. The vulnerability is identified as CVE-2014-3100.

More details are available at:
1. Blog post: http://ibm.co/1pbk4yH
2. Advisory: http://slidesha.re/1nxBnmY