exploitDog

CVE-2018-9522

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251

Ссылки

http://www.securityfocus.com/bid/105848
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105848
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-9p67-cmxj-h92h

CVSS3: 7.8

github

больше 3 лет назад

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787