We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3.
The issue was patched in Android 4.4.
As an anecdote, the vulnerable source code contains the following comment:
/* KeyStore is a secured storage for key-value pairs. In this implementation,
* each file stores one key-value pair. Keys are encoded in file names, and
* values are encrypted with checksums. The encryption key is protected by a
* user-defined password. To keep things simple, buffers are always larger than
* the maximum space we needed, so boundary checks on buffers are omitted.
*/
Though things are simple, buffers are not always larger than the maximum space needed. The vulnerability is identified as CVE-2014-3100.
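As an added illustration of the bug class this advisory describes, the following C is not the Android KeyStore source: it shows the unchecked copy into a fixed-size stack buffer that the quoted comment assumes is safe, next to the same routine with the omitted bound check restored. The buffer size VALUE_MAX, the function names and the sample inputs are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; not the KeyStore code.  VALUE_MAX and the function
 * names are assumptions made for this example. */
#define VALUE_MAX 64   /* assumed fixed capacity of the stack buffer */

/* The pattern the quoted comment describes: the copy relies on the buffer
 * always being "larger than the maximum space needed", so no bound is checked.
 * If len exceeds VALUE_MAX this writes past the stack buffer.  It exists only
 * to contrast with the checked version and must never see untrusted len. */
static int decode_value_unchecked(const uint8_t *in, size_t len)
{
    uint8_t value[VALUE_MAX];
    memcpy(value, in, len);   /* no check: overflow when len > VALUE_MAX */
    return (int)len;          /* bytes accepted */
}

/* Hardened form: reject anything that does not fit before touching the
 * buffer.  Returns the number of bytes accepted, or -1 when the input is
 * missing or larger than the buffer. */
static int decode_value_checked(const uint8_t *in, size_t len)
{
    uint8_t value[VALUE_MAX];
    if (in == NULL || len > sizeof(value))
        return -1;            /* caller gets an error instead of a smashed stack */
    memcpy(value, in, len);
    return (int)len;
}

/* Constructed inputs so the block runs offline. */
int demo_in_bounds(void)
{
    const uint8_t small[] = "abcdefgh";          /* 8 payload bytes */
    return decode_value_checked(small, 8);       /* 8 */
}

int demo_unchecked_small(void)
{
    const uint8_t small[] = "abcdefgh";
    return decode_value_unchecked(small, 8);     /* 8: fits, so no overflow here */
}

int demo_oversized(void)
{
    uint8_t big[2 * VALUE_MAX];                  /* twice the buffer capacity */
    memset(big, 'A', sizeof(big));
    return decode_value_checked(big, sizeof(big)); /* -1: rejected, nothing written */
}

int main(void)
{
    printf("checked, in bounds : %d\n", demo_in_bounds());
    printf("unchecked, in bounds: %d\n", demo_unchecked_small());
    printf("checked, oversized : %d\n", demo_oversized());
    return 0;
}
```

The oversized case is only ever passed to the checked routine; the point of the example is that the single comparison against sizeof(value) is the difference between an error return and the stack corruption the advisory reports.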