CVE-2018-9426

HIGH

RSAKeyPairGenerator - Crypto Vulnerability

Title source: llm

Description

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.

References (1)

[Patch, Vendor Advisory] https://source.android.com/docs/security/bulletin/pixel/2018-07-01

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-331

Status published

Products (5)

google/android 7.0

google/android 7.1.1

google/android 7.1.2

google/android 8.0

google/android 8.1

Published Dec 02, 2024

Tracked Since Feb 18, 2026