CVE-2018-9557
Summary
| CVE | CVE-2018-9557 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-06 14:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357. |
Risk And Classification
Problem Types: CWE-763 | CWE-908
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | 7.0 | All | All | All | |
| Operating System | Android | 7.1.1 | All | All | All | |
| Operating System | Android | 7.1.2 | All | All | All | |
| Operating System | Android | 7.0 | All | All | All | |
| Operating System | Android | 7.1.1 | All | All | All | |
| Operating System | Android | 7.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Android Security Bulletin—December 2018 | Android Open Source Project | CONFIRM | source.android.com | Vendor Advisory |
| Google Android System Component Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.