CVE-2018-9419

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

n l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Link	Resource
https://source.android.com/security/bulletin/2018-07-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*
	cpe:2.3:o:google:android:7.1.2:::::::*
	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:8.1:::::::*

History

22 Nov 2024, 22:07

Type	Values Removed	Values Added
CPE		cpe:2.3:o:google:android:7.0:::::::* cpe:2.3:o:google:android:7.1.2:::::::* cpe:2.3:o:google:android:8.1:::::::* cpe:2.3:o:google:android:7.1.1:::::::* cpe:2.3:o:google:android:8.0:::::::*
References	~~() https://source.android.com/security/bulletin/2018-07-01 -~~	() https://source.android.com/security/bulletin/2018-07-01 - Patch, Vendor Advisory
First Time		Google android Google
CWE		CWE-125

20 Nov 2024, 16:35

Type	Values Removed	Values Added
Summary		(es) En l2cble_process_sig_cmd de l2c_ble.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información remota sin necesidad de privilegios de ejecución adicionales. No se necesita la interacción del usuario para la explotación.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-787

19 Nov 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 22:15

Updated : 2024-11-22 22:07

NVD link : CVE-2018-9419

Mitre link : CVE-2018-9419

CVE.ORG link : CVE-2018-9419

JSON object : View

Products Affected

android

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-9419", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-19T22:15:18.943", "references": [{"url": "https://source.android.com/security/bulletin/2018-07-01", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En l2cble_process_sig_cmd de l2c_ble.cc, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n remota sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2024-11-22T22:07:33.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"}, {"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"}, {"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}