5
MEDIUM

CVE-2018-9592

Published: 11/02/2019 Updated: 12/02/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076.

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0

References