ID CVE-2018-9557
Summary In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.
References
Vulnerable Configurations
  • Google Android (Nougat) 7.0
    cpe:2.3:o:google:android:7.0
  • Google Android 7.1.1
    cpe:2.3:o:google:android:7.1.1
  • Google Android 7.1.2
    cpe:2.3:o:google:android:7.1.2
CVSS
Base: 7.2
Impact:
Exploitability:
CWE CWE-416
CAPEC
refmap via4
bid 106147
confirm https://source.android.com/security/bulletin/2018-12-01
Last major update 06-12-2018 - 09:29
Published 06-12-2018 - 09:29
Last modified 02-01-2019 - 11:32
Back to Top