VDB

CVE-2018-9470

CVE-2018-9470 PUBLISHED CVSS 8.800000190734863 HIGH

In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

EPSS 1.98% · 83.9th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
1.98%
83.9th percentile

Affected Products

VendorProductVersions
googleandroid7.0, 8.0, 9.0
GoogleAndroid8.1, 7, 8
googleandroid7.0, 7.1.1, 7.1.2

Timeline

  • Sep 5, 2018 CVE Published
  • Nov 20, 2024 PoC Published
  • Nov 21, 2024 EPSS Score
  • Dec 9, 2024 EPSS Score
  • Dec 27, 2024 EPSS Score
  • Jan 13, 2025 EPSS Score
  • Jan 31, 2025 EPSS Score
  • Feb 17, 2025 EPSS Score
  • Mar 7, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Apr 11, 2025 EPSS Score
  • Apr 28, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›