Home > Vulnerability Database > CVE-2018-9507

Mend.io Vulnerability Database

CVE-2018-9507

Date: October 2, 2018

In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951

Language: C++

Severity Score

6.5

Related Resources (6)

Url: https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9

Url: https://source.android.com/security/bulletin/2018-10-01%2C

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-9507

Url: https://source.android.com/security/bulletin/2018-10-01

Url: http://www.securityfocus.com/bid/105482

Url: https://www.mend.io/vulnerability-database/CVE-2018-9507

Severity Score

6.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	6.1
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-9507

Date: October 2, 2018

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?