CVE-2018-9452

Опубликовано: 02 окт. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361

Ссылки

http://www.securityfocus.com/bid/105484
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634
Patch
Third Party Advisory
https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d%2C
https://source.android.com/security/bulletin/2018-10-01%2C
http://www.securityfocus.com/bid/105484
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634
Patch
Third Party Advisory
https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d%2C
https://source.android.com/security/bulletin/2018-10-01%2C

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00374

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-mgh7-6w7f-4f7f

CVSS3: 5.5

github

больше 3 лет назад

BDU:2018-01164

CVSS3: 7.5

fstec

больше 7 лет назад

Уязвимость функции getOffsetForHorizontal компонента Framework операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании