CVE-2018-9381

HIGH

Google Android - Use of Uninitialized Resource

Title source: rule

Description

In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/Bluedroid/poc_CVE-2018-9381.c

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://source.android.com/docs/security/bulletin/pixel/2018-06-01

Scores

CVSS v3 7.5

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-908

Status published

Affected Products (1)

google/android

Timeline

Published Dec 02, 2024

Tracked Since Feb 18, 2026