CVE-2018-9490

State: PUBLISHED · Published: 2018-10-02 · Updated: 2024-09-16 · Assigner: google_android

Description

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046

CWE

(none)

Affected

Google Inc. / Android — v=Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 [affected]

CVSS

(none)

References

https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C x_refsource_MISC
https://source.android.com/security/bulletin/2018-10-01%2C x_refsource_CONFIRM
http://www.securityfocus.com/bid/105484 vdb-entry, x_refsource_BID
https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb x_refsource_MISC

Source

cvelistV5-main/cves/2018/9xxx/CVE-2018-9490.json