CVE-2018-9355

2018-06-0100:00:00

Scott Bauer (@ScottyBauer1)

www.androidvulnerabilities.org

0.001 Low

EPSS

Percentile

48.0%

JSON

In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921.

CPENameOperatorVersion
androidlt7.0
androidlt8.0
androidlt7.1.1
androidlt8.1
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	7.0
android	lt	8.0
android	lt	7.1.1
android	lt	8.1
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/system/bt/+/99a263a7f04c5c6f101388007baa18cf1e8c30bf

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2018-06-01.html

source.android.com/security/overview/acknowledgements

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for ANDROID:CVE-2018-9355