In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-06-01 |
Configurations
No configuration.
History
20 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-704 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
Summary |
|
19 Nov 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-19 19:15
Updated : 2024-11-20 17:35
NVD link : CVE-2018-9339
Mitre link : CVE-2018-9339
CVE.ORG link : CVE-2018-9339
JSON object : View
Products Affected
No product.
CWE
CWE-704
Incorrect Type Conversion or Cast