Main Vulnerability Database Vulnerabilities #VU36318

Buffer overflow in Google Android - CVE-2018-11905

Published: December 7, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36318

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-11905

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.

How to mitigate CVE-2018-11905

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/105872
https://source.android.com/security/bulletin/2018-11-01#qualcomm-components

Buffer overflow in Google Android - CVE-2018-11905

Detailed vulnerability description

How to mitigate CVE-2018-11905

Sources

Please verify you're human