Out of Bounds Write Vulnerability in SecureDrop Server Could Lead to Remote Code Execution
CVE-2018-9478

9.8 CRITICAL

Key Information:

Vendor

Google

Status
Vendor
CVE Published: 20 November 2024

What is CVE-2018-9478?

The vulnerability arises from inadequate bounds checking in the process_service_attr_req and process_service_search_attr_req functions in the sdp_server.cc file, which results in an out-of-bounds write. The flaw can be exploited remotely and may lead to code execution without any user interaction. Vulnerabilities of this kind pose significant security risks: they can be exploited easily and may compromise the integrity of affected devices, allowing unauthorized actions to be performed.

Affected Version(s)

Android 7

Android 8

Android 8.1

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
