Possible Blocking of Internet Traffic Through VPN Due to Bad UID Check
CVE-2018-9487

5.5MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 20 November 2024

What is CVE-2018-9487?

A vulnerability exists in the Android operating system's VPN services, specifically in the setVpnForcedLocked function of Vpn.java. This flaw is caused by an inadequate check of user identifiers (UIDs), which can lead to a situation where the internet traffic is inadvertently blocked when using a VPN. Exploitation of this vulnerability can result in a local denial of service, affecting the user's ability to access the internet through the VPN. A user interaction is required to exploit this issue, increasing the complexity of its exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android 8

Android 8.1

Android 9

References

https://source.android.com/security/bulletin/2018-09-01

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Apr 5, 2018

JSON

Google

What is CVE-2018-9487?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.