CVE-2018-9499
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474
En readVector de iCrypto.cpp, hay una posible lectura no válida debido a datos no inicializados. Esto podría llevar a una divulgación de información local del servidor DRM sin necesitar privilegios de ejecución adicionales. No se necesita interacción del usuario para explotarlo. Producto: Versiones de Android: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9.0. Android ID: A-79218474
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-04-05 CVE Reserved
- 2018-10-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105481 | Third Party Advisory | |
| https://source.android.com/security/bulletin/2018-10-01%2C | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1 | 2024-09-17 |
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2018-10-01 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.0 Search vendor "Google" for product "Android" and version "7.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.1.1 Search vendor "Google" for product "Android" and version "7.1.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.1.2 Search vendor "Google" for product "Android" and version "7.1.2" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.0 Search vendor "Google" for product "Android" and version "8.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.1 Search vendor "Google" for product "Android" and version "8.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 9.0 Search vendor "Google" for product "Android" and version "9.0" | - |
Affected
| ||||||