Possible Out of Bound Read Leads to Local Information Disclosure Without Additional Execution Privileges
CVE-2018-9435
5.5MEDIUM
What is CVE-2018-9435?
The vulnerability resides in the Bluetooth stack's handling of error responses, specifically the gatt_process_error_rsp function in gatt_cl.cc. A flaw exists due to the absence of a proper bounds check, which can result in an out of bounds read. This condition allows for the possibility of disclosing sensitive local information without requiring any specific execution privileges. The exploitation of this flaw does not necessitate user interaction, making it a notable concern for user data privacy.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android 6
Android 6.0.1
Android 7
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved