exploitDog

CVE-2018-11985

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.

Ссылки

https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-w3fj-xm8j-4m4f

CVSS3: 7.8

github

больше 3 лет назад

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190