CVE-2018-9593

Опубликовано: 11 фев. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.

Ссылки

http://www.securityfocus.com/bid/106495
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2019-01-01.html
Vendor Advisory
http://www.securityfocus.com/bid/106495
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2019-01-01.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-39p2-2c3g-mv2f