CVE-2018-9481

MEDIUM

Android - Remote Information Disclosure via Integer Overflow in bta_hd_set_report_act

Title source: llm
STIX 2.1

Description

In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

Scores

CVSS v3 6.5
EPSS 0.0014
EPSS Percentile 3.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-190
Status published
Products (4)
apache/traffic_server 6.0.0 - 6.2.3
google/android 8.0
google/android 8.1
google/android 9.0
Published Nov 20, 2024
Tracked Since Feb 18, 2026