Main Vulnerability Database Vulnerabilities #VU36420

Out-of-bounds write in Google Android - CVE-2018-9536

Published: November 14, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36420

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-9536

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184

How to mitigate CVE-2018-9536

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/105865
https://source.android.com/security/bulletin/2018-11-01

Out-of-bounds write in Google Android - CVE-2018-9536

Detailed vulnerability description

How to mitigate CVE-2018-9536

Sources

Please verify you're human