CVE-2018-9507

In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/105482	Third Party Advisory VDB Entry
https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01%2C
https://source.android.com/security/bulletin/2018-10-01	Patch Vendor Advisory
http://www.securityfocus.com/bid/105482	Third Party Advisory VDB Entry
https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01%2C

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*
	cpe:2.3:o:google:android:7.1.2:::::::*
	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:8.1:::::::*
	cpe:2.3:o:google:android:9.0:::::::*

History

21 Nov 2024, 04:15

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/105482 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/105482 - Third Party Advisory, VDB Entry
References	~~() https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9 - Patch, Vendor Advisory~~	() https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9 - Patch, Vendor Advisory
References	~~() https://source.android.com/security/bulletin/2018-10-01%2C -~~	() https://source.android.com/security/bulletin/2018-10-01%2C -

07 Nov 2023, 03:01

Type	Values Removed	Values Added
References	{'url': 'https://source.android.com/security/bulletin/2018-10-01,', 'name': 'https://source.android.com/security/bulletin/2018-10-01,', 'tags': ['Broken Link', 'Vendor Advisory'], 'refsource': 'CONFIRM'}	() https://source.android.com/security/bulletin/2018-10-01%2C -

Information

Published : 2018-10-02 19:29

Updated : 2024-11-21 04:15

NVD link : CVE-2018-9507

Mitre link : CVE-2018-9507

CVE.ORG link : CVE-2018-9507

JSON object : View

Products Affected

google

android

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2018-9507", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-10-02T19:29:11.197", "references": [{"url": "http://www.securityfocus.com/bid/105482", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9", "tags": ["Patch", "Vendor Advisory"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2018-10-01%2C", "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2018-10-01", "tags": ["Patch", "Vendor Advisory"], "source": "nvd@nist.gov"}, {"url": "http://www.securityfocus.com/bid/105482", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2018-10-01%2C", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951"}, {"lang": "es", "value": "En bta_av_proc_meta_cmd de bta_av_act.cc, hay una posible lectura fuera de l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda llevar a una divulgaci\u00f3n remota de informaci\u00f3n por Buetooth sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Versiones de Android: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9.0. Android ID: A-111893951"}], "lastModified": "2024-11-21T04:15:36.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"}, {"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"}, {"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"}, {"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-9507

6.5^/10

6.1^/10

Attach tags to `CVE-2018-9507`