CVE-2018-11280

MEDIUM

Android - Denial of Service via NAT Entry Input Size Exhaustion

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106949

Scores

CVSS v3 5.5
EPSS 0.0020
EPSS Percentile 9.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Sep 18, 2018
Tracked Since Feb 18, 2026