Home > Vulnerability Database > CVE-2018-9508

Mend.io Vulnerability Database

CVE-2018-9508

Date: October 2, 2018

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834

Language: C++

Severity Score

6.5

Related Resources (7)

Url: https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551

Url: https://source.android.com/security/bulletin/2018-10-01%2C

Url: https://source.android.com/security/bulletin/2018-10-01,

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-9508

Url: https://source.android.com/security/bulletin/2018-10-01

Url: http://www.securityfocus.com/bid/105482

Url: https://www.mend.io/vulnerability-database/CVE-2018-9508

Severity Score

6.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	6.1
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-9508

Date: October 2, 2018

Language: C++

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?