CVE-2018-9594

MEDIUM

Android 7.0-9 - Integer Overflow to Out-of-Bounds Read in NFC LLCP Link AGF PDU Processing

Title source: llm
STIX 2.1

Description

In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106495

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 24.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125 CWE-190
Status published
Products (6)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Feb 11, 2019
Tracked Since Feb 18, 2026