{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2018-9421","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","state":"PUBLISHED","assignerShortName":"google_android","dateReserved":"2018-04-05T00:00:00.000Z","datePublished":"2024-11-19T21:22:12.436Z","dateUpdated":"2024-11-20T15:34:27.270Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android","vendor":"Google","versions":[{"status":"affected","version":"6"},{"status":"affected","version":"6.0.1"},{"status":"affected","version":"7"},{"status":"affected","version":"8"},{"status":"affected","version":"8.1"},{"status":"affected","version":"nyc-mr1-dev"},{"status":"affected","version":"nyc-mr2-dev"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
"}],"value":"In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2024-11-19T21:22:12.436Z"},"references":[{"url":"https://source.android.com/security/bulletin/2018-07-01"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-908","lang":"en","description":"CWE-908 Use of Uninitialized Resource"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-20T15:32:14.697024Z","id":"CVE-2018-9421","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-20T15:34:27.270Z"}}]}}