Main Vulnerability Database Vulnerabilities #VU36329

Integer overflow in Google Android - CVE-2018-9556

Published: December 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36329

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-9556

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184.

How to mitigate CVE-2018-9556

Install update from vendor's website.

Integer overflow in Google Android - CVE-2018-9556

Detailed vulnerability description

How to mitigate CVE-2018-9556

Sources

Please verify you're human