Main Vulnerability Database Vulnerabilities #VU36446

Out-of-bounds write in Google Android - CVE-2018-9357

Published: November 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36446

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-9357

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856.

How to mitigate CVE-2018-9357

Install update from vendor's website.

Out-of-bounds write in Google Android - CVE-2018-9357

Detailed vulnerability description

How to mitigate CVE-2018-9357

Sources

Please verify you're human