CVE-2018-9565: Out-of-bounds Read in INC Android

Severity: 7.5 HIGH (NVD)
EPSS: 0.6% (top 30.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 6
Latest update: May 13

Description

In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 google_inc/android Android-16680558

🔴 Vulnerability Details (2)

GHSA: GHSA-2qh8-m26v-vcw7: In readBytes of xltdecwbxml (2022-05-13)
CVEList: CVE-2018-9565: In readBytes of xltdecwbxml (2018-12-06)

📋 Vendor Advisories (1)

Android: CVE-2018-9565: OMA-DM (2018-12-01)