CVE-2018-6246

MEDIUM

Android < 8.1 - Information Disclosure via Widevine Trustlet Buffer Overread

Title source: llm
STIX 2.1

Description

In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.

References (1)

Core 1
Core References

Scores

CVSS v3 5.3
EPSS 0.0035
EPSS Percentile 26.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
google/android < 8.1
Published May 10, 2018
Tracked Since Feb 18, 2026