CVE-2018-9471
20.11.2024, 18:15
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.
| Vendor | Product | Version |
|---|---|---|
| android | 7.0 | |
| android | 7.1.1 | |
| android | 7.1.2 | |
| android | 8.0 | |
| android | 8.1 | |
| android | 9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.