CVE-2018-9370 — Out-of-bounds Write in Google Android

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 86.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedNov 19

Description

In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/androidSoCVersion

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-g42v-m6jh-g8qw: In download↗2024-11-19

▶

📋Vendor Advisories

Android

CVE-2018-9370: bootloader↗2018-06-01

▶