CVE-2018-9411

HIGH

Google Android - Out-of-Bounds Write

Title source: rule

Description

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Exploits (1)

nomisec WORKING POC 52 stars

by tamirzb · poc

https://github.com/tamirzb/CVE-2018-9411

View Code ZIP pw:eip

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://source.android.com/security/bulletin/2018-07-01

Scores

CVSS v3 8.8

EPSS 0.0794

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

google/android 8.0

google/android 8.1

Published Nov 19, 2024

Tracked Since Feb 18, 2026