3.3
LOW

CVE-2018-9593

Published: 11/02/2019 Updated: 12/02/2019
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

Vulnerability Summary

In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: ADJACENT_NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0

References