CVE-2018-9472Integer Overflow or Wraparound in Google Android

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.9%
top 16.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedNov 20

Description

In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/android4 versions+3
NVDgoogle/android5 versions+4

Patches

Patch: source.android.com

🔴Vulnerability Details

1
GHSA
GHSA-mr8h-x3p6-5r8q: In xmlMemStrdupLoc of xmlmemory2024-11-20

📋Vendor Advisories

1
Android
CVE-2018-9472: Android Security Bulletin 2018-09-01 CVE: CVE-2018-9472 Severity: HIGH Type: RCE Affected AOSP versions: 72018-09-01