CVE-2018-9475

HIGH

Android - Out-of-bounds Write in HeadsetInterface::ClccResponse via Bluetooth

Title source: llm
STIX 2.1

Description

In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0015
EPSS Percentile 4.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (6)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Nov 20, 2024
Tracked Since Feb 18, 2026