Home > Vulnerability Database > CVE-2018-9470

Mend.io Vulnerability Database

CVE-2018-9470

Good to know:

Date: November 20, 2024

In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

Language: C

Severity Score

8.8

Related Resources (4)

Url: https://source.android.com/security/bulletin/2018-09-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-9470

Url: https://android.googlesource.com/platform/external/neven/+/86a561f79f97baa38e240f6296fe1192fa4a5c9c

Url: https://www.mend.io/vulnerability-database/CVE-2018-9470

Severity Score

8.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version android-9.0.0_r5

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2018-9470

Good to know:

Date: November 20, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?