CVE-2018-9503

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928

En rfc_process_mx_message de rfc_ts_frames.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a una divulgación remota de información sin necesitar privilegios de ejecución adicionales. No se necesita interacción del usuario para explotarlo. Producto: Versiones de Android: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9.0. Android ID: A-80432928

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-04-05 CVE Reserved
2018-10-02 CVE Published
2024-09-11 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/105482	Third Party Advisory
https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C	X_refsource_misc
https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C	X_refsource_misc
https://source.android.com/security/bulletin/2018-10-01%2C	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf	2023-11-07
https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85	2023-11-07
https://source.android.com/security/bulletin/2018-10-01	2023-11-07

URL	Date	SRC
https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.0 Search vendor "Google" for product "Android" and version "7.0"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.1.1 Search vendor "Google" for product "Android" and version "7.1.1"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.1.2 Search vendor "Google" for product "Android" and version "7.1.2"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				8.0 Search vendor "Google" for product "Android" and version "8.0"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				8.1 Search vendor "Google" for product "Android" and version "8.1"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				9.0 Search vendor "Google" for product "Android" and version "9.0"		-		Affected