CVE-2018-9594

2019-02-1200:00:00

google_android

www.cve.org

AI Score

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.

CNA Affected

[
  {
    "product": "Android",
    "vendor": "*** n/a ***",
    "versions": [
      {
        "status": "affected",
        "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106495

source.android.com/security/bulletin/2019-01-01.html