CVE-2018-9594

Опубликовано: 11 фев. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.

Ссылки

http://www.securityfocus.com/bid/106495
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2019-01-01.html
Vendor Advisory
http://www.securityfocus.com/bid/106495
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2019-01-01.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-gf43-558g-52h4