CVE-2018-9441

Published: Dec 3, 2024Modified: Dec 18, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (7)

Products: Google: Android

Google

1 product

Android

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 6.0
Google Android	Version 7.0
Google Android	Version 7.1.1
Google Android	Version 7.1.2
Google Android	Version 8.0
Google Android	Version 8.1

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://source.android.com/docs/security/bulletin/pixel/2018-08-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.