CVE-2018-11280
MEDIUMAndroid - Denial of Service via NAT Entry Input Size Exhaustion
Title source: llmDescription
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106949
Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=bd3627dae5f1a34e0284cfe167f61273ecc2f386
Scores
CVSS v3
5.5
EPSS
0.0020
EPSS Percentile
9.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
google/android
Published
Sep 18, 2018
Tracked Since
Feb 18, 2026