We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3.
The issue was patched in Android 4.4.
As an anecdote, the vulnerable source code contains the following comment:

/* KeyStore is a secured storage for key-value pairs. In this implementation, 
 * each file stores one key-value pair. Keys are encoded in file names, and
 * values are encrypted with checksums. The encryption key is protected by a 
 * user-defined password. To keep things simple, buffers are always larger than 
 * the maximum space we needed, so boundary checks on buffers are omitted. 
Though things are simple, buffers are not always larger than the maximum space they needed. The vulnerability is identified as CVE-2014-3100.

More details are available at:
1. Blog post: http://ibm.co/1pbk4yH
2. Advisory: http://slidesha.re/1nxBnmY