CVE-2018-9339

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024

Updated: Nov 22, 2024

CWE ID 843

CWE ID 704

Summary

CVE-2018-9339 is a vulnerability affecting Parcel.java's writeTypedArrayList and readTypedArrayList functions. This issue involves type confusion, which can result in a local privilege escalation. Importantly, no additional execution privileges are required for exploitation and user interaction is not needed. This means that an attacker could potentially exploit this vulnerability to elevate their privileges within the same system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/WISma2
https://www.cve.org/CVERecord?id=CVE-2018-9339
https://nvd.nist.gov/vuln/detail/CVE-2018-9339

Back to Vulnerability Database