VDB
CVE-2018-9470
CVE-2018-9470
PUBLISHED
CVSS 8.800000190734863 HIGH
In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.
EPSS 1.98% · 83.9th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
1.98%
83.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| android | 7.0, 8.0, 9.0 | |
| Android | 8.1, 7, 8 | |
| android | 7.0, 7.1.1, 7.1.2 |
Timeline
- Sep 5, 2018 CVE Published
- Nov 20, 2024 PoC Published
- Nov 21, 2024 EPSS Score
- Dec 9, 2024 EPSS Score
- Dec 27, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Jan 31, 2025 EPSS Score
- Feb 17, 2025 EPSS Score
- Mar 7, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 28, 2025 EPSS Score