Main Vulnerability Database Vulnerabilities #VU36942

Integer overflow in Google Android - CVE-2018-3586

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36942

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-3586

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

How to mitigate CVE-2018-3586

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-07-01#qualcomm-components

Integer overflow in Google Android - CVE-2018-3586

Detailed vulnerability description

How to mitigate CVE-2018-3586

Sources

Please verify you're human