René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

112 lines
3.4 KiB
JSON

{
"id": "CVE-2018-9536",
"sourceIdentifier": "security@android.com",
"published": "2018-11-14T18:29:00.887",
"lastModified": "2018-12-14T14:14:12.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184"
},
{
"lang": "es",
"value": "En numerosas funciones de de libFDK, hay una posible escritura fuera de l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda llevar a la ejecuci\u00f3n remota de c\u00f3digo sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Android. Versiones: Android-9. Android ID: A-112662184"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/105865",
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://source.android.com/security/bulletin/2018-11-01",
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}