CVE-2018-9339
EUVD-2018-2093319.11.2024, 19:15
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| android | 8.0 | |
| android | 8.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
- CWE-704 - Incorrect Type Conversion or CastThe software does not correctly convert an object, resource, or structure from one type to a different type.