VDB
CVE-2018-9481
CVE-2018-9481
PUBLISHED
CVSS 6.5 MEDIUM
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS 0.09% · 25.3th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.09%
25.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| android | 8.0, 8.1, 9.0 | |
| apache | traffic_server | 6.0.0, 7.0.0, 8.0.0 |
| Android | 8.1, 9, 8 |
Exploit Intelligence
Timeline
- Sep 5, 2018 CVE Published
- Nov 21, 2024 EPSS Score
- Dec 9, 2024 EPSS Score
- Dec 27, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Jan 31, 2025 EPSS Score
- Feb 17, 2025 EPSS Score
- Mar 7, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 28, 2025 EPSS Score
- May 15, 2025 EPSS Score
References
- https://source.android.com/security/bulletin/pixel/2018-09-01 advisory
- https://source.android.com/security/bulletin/2018-09-01 advisory
- https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d@%3Cdev.trafficserver.apache.org%3E url
- https://nvd.nist.gov/vuln/detail/CVE-2018-9481 advisory