CVE-2018-6246
MEDIUMAndroid < 8.1 - Information Disclosure via Widevine Trustlet Buffer Overread
Title source: llmDescription
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-05-01
Scores
CVSS v3
5.3
EPSS
0.0035
EPSS Percentile
26.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
google/android
< 8.1
Published
May 10, 2018
Tracked Since
Feb 18, 2026