CVE-2018-9482

MEDIUM

Android - Local Information Disclosure via Integer Overflow in Bluetooth Service

Title source: llm
STIX 2.1

Description

In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 0.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-190
Status published
Products (3)
google/android 8.0
google/android 8.1
google/android 9.0
Published Nov 20, 2024
Tracked Since Feb 18, 2026