CVE-2018-9480Out-of-bounds Read in Google Android

CWE-125Out-of-bounds Read3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedNov 20

Description

In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/android8, 9+1
NVDgoogle/android8.0, 8.1, 9.0+2

Patches

Patch: source.android.com

🔴Vulnerability Details

1
GHSA
GHSA-3vj4-j93w-77x3: In bta_hd_get_report_act of bta_hd_act2024-11-20

📋Vendor Advisories

1
Android
CVE-2018-9480: Android Security Bulletin 2018-09-01 CVE: CVE-2018-9480 Severity: HIGH Type: ID Affected AOSP versions: 82018-09-01