VDB
CVE-2018-11280
CVE-2018-11280
PUBLISHED
CVSS 4.900000095367432 MEDIUM
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.
EPSS 0.03% · 9.3th percentile
Risk Scores
CVSS 2.0
4.900000095367432
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm, Inc. | Android for MSM, Firefox OS for MSM, QRD Android | All Android releases from CAF using the Linux kernel |
| android |
Exploit Intelligence
Timeline
- Sep 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://source.android.com/security/bulletin/2019-02-01.html advisory
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin url
- 106949 vdb
- https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=bd3627dae5f1a34e0284cfe167f61273ecc2f386 url
- https://nvd.nist.gov/vuln/detail/CVE-2018-11280 advisory