CVE-2018-9357

HIGH

Android - Out-of-bounds Write in BNEP_Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9357. PoCs published by codecat007.

AI-analyzed exploit summary: This PoC exploits CVE-2018-9357, a buffer overflow vulnerability in Android's Bluedroid BNEP implementation. It sends maliciously crafted BNEP control frames to trigger an out-of-bounds write, leading to a denial-of-service (DoS) condition.

Description

In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-6.0, Android-6.0.1, Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1. Android ID: A-74947856.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/Bluedroid/poc_CVE-2018-9357.c


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Android Bluedroid (BNEP implementation)
No auth needed
Prerequisites: Bluetooth-enabled Android device · L2CAP socket access · Target device's Bluetooth address
devstral-2 · analyzed Feb 27, 2026

References (2)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-06-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104461

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-787
Status published
Products (7)
google/android 6.0
google/android 6.0.1
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
Published Nov 06, 2018
Tracked Since Feb 18, 2026