Details of VAR-202412-0289

ID

VAR-202412-0289

CVE

CVE-2018-9380

TITLE

Google of Android Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016769

DESCRIPTION

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. There is a security vulnerability in Google Pixel. No detailed vulnerability details are provided at present

Trust: 2.16

sources: NVD: CVE-2018-9380 // JVNDB: JVNDB-2018-016769 // CNVD: CNVD-2025-05536

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05536

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	7.0	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	7.1.1	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	7.1.2	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	8.0	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	8.1	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-05536 // JVNDB: JVNDB-2018-016769 // NVD: CVE-2018-9380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-9380
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-9380
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-9380
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-05536
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-05536
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-9380
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2018-9380
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-05536 // JVNDB: JVNDB-2018-016769 // NVD: CVE-2018-9380 // NVD: CVE-2018-9380

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2018-016769 // NVD: CVE-2018-9380

PATCH

title:

Patch for Google Pixel has an unspecified vulnerability (CNVD-2025-05536)

url:

https://www.cnvd.org.cn/patchInfo/show/669861

Trust: 0.6

sources: CNVD: CNVD-2025-05536

EXTERNAL IDS

db:	NVD	id:	CVE-2018-9380	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-016769	Trust: 0.8
db:	CNVD	id:	CNVD-2025-05536	Trust: 0.6

sources: CNVD: CNVD-2025-05536 // JVNDB: JVNDB-2018-016769 // NVD: CVE-2018-9380

REFERENCES

url:	https://source.android.com/docs/security/bulletin/pixel/2018-06-01	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-9380	Trust: 1.4

sources: CNVD: CNVD-2025-05536 // JVNDB: JVNDB-2018-016769 // NVD: CVE-2018-9380

SOURCES

db:	CNVD	id:	CNVD-2025-05536
db:	JVNDB	id:	JVNDB-2018-016769
db:	NVD	id:	CVE-2018-9380

LAST UPDATE DATE

2025-03-22T23:41:46.511000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05536	date:	2025-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-016769	date:	2024-12-19T01:56:00
db:	NVD	id:	CVE-2018-9380	date:	2024-12-18T19:42:11.093

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05536	date:	2025-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-016769	date:	2024-12-19T00:00:00
db:	NVD	id:	CVE-2018-9380	date:	2024-12-02T20:15:04.443