Lucene search

Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.ANDROID:CVE-2018-9450

HistoryAug 01, 2018 - 12:00 a.m.

CVE-2018-9450

2018-08-0100:00:00

Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.

www.androidvulnerabilities.org

0.003 Low

EPSS

Percentile

68.4%

JSON

In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338.

CPENameOperatorVersion
androidlt7.0
androidlt8.0
androidlt7.1.1
androidlt8.1
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	7.0
android	lt	8.0
android	lt	7.1.1
android	lt	8.1
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/system/bt/+/bc259b4926a6f9b33b9ee2c917cd83a55f360cbf

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2018-08-01.html

source.android.com/security/overview/acknowledgements

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for ANDROID:CVE-2018-9450