CVE-2018-11280
Summary
| CVE | CVE-2018-11280 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-18 18:29:00 UTC |
| Updated | 2019-03-05 13:33:00 UTC |
| Description | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| September 2018 Code Aurora Security Bulletin - Code Aurora | CONFIRM | www.codeaurora.org | Patch, Third Party Advisory |
| kernel/msm-4.9 - Unnamed repository | CONFIRM | source.codeaurora.org | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.