cve-2018-9511
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 16:58
Severity
Summary
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288
References
| Source | URL | Tags |
|---|---|---|
| security@android.com | http://www.securityfocus.com/bid/105482 | Third Party Advisory, VDB Entry |
| security@android.com | https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe | Patch, Vendor Advisory |
| nvd@nist.gov | https://source.android.com/security/bulletin/2018-10-01 | Patch, Vendor Advisory |
| security@android.com | https://source.android.com/security/bulletin/2018-10-01%2C |
Impacted products
| Vendor | Product |
|---|---|
| Google Inc. | Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-9.0"
}
]
}
],
"datePublic": "2018-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9511",
"datePublished": "2018-10-02T19:00:00Z",
"dateReserved": "2018-04-05T00:00:00",
"dateUpdated": "2024-09-16T16:58:51.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-9511\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2018-10-02T19:29:13.353\",\"lastModified\":\"2023-11-07T03:01:38.123\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288\"},{\"lang\":\"es\",\"value\":\"En ipSecSetEncapSocketOwner en XfrmController.cpp, hay un posible error a la hora de inicializar una caracter\u00edstica de seguridad debido a datos no inicializados. Esto podr\u00eda llevar a una denegaci\u00f3n de servicio local de IPsec en sockets sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Versiones de Android: Android-9.0. Android ID: A-111650288\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-909\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105482\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe\",\"source\":\"security@android.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2018-10-01\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2018-10-01%2C\",\"source\":\"security@android.com\"}]}}"
}
}
Loading...