4119 results (0.216 seconds)

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. • https://source.android.com/security/bulletin/2018-09-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. • https://source.android.com/security/bulletin/2018-09-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. • https://source.android.com/security/bulletin/2018-09-01 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. • https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/hci/dual_chip/hci_evt.c#L2748 https://github.com/mbed-ce/mbed-os/pull/386 •