CVE Vulnerabilities

CVE-2018-9467

Published: Nov 20, 2024 | Modified: Nov 22, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

Name Vendor Start Version End Version
Android Google 7.0 (including) 7.0 (including)
Android Google 7.1.1 (including) 7.1.1 (including)
Android Google 7.1.2 (including) 7.1.2 (including)
Android Google 8.0 (including) 8.0 (including)
Android Google 8.1 (including) 8.1 (including)
Android Google 9.0 (including) 9.0 (including)

References