CVE-2018-9499

State: PUBLISHED · Published: 2018-10-02 · Updated: 2024-09-17 · Assigner: google_android

Description

In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474

CWE

(none)

Affected

Google Inc. / Android — v=Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 [affected]

CVSS

(none)

References

https://source.android.com/security/bulletin/2018-10-01%2C x_refsource_CONFIRM
http://www.securityfocus.com/bid/105481 vdb-entry, x_refsource_BID
https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1 x_refsource_MISC

Source

cvelistV5-main/cves/2018/9xxx/CVE-2018-9499.json