{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.1" } ] } ] } } ], "details": "In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115.", "id": "CVE-2018-9358", "modified": "2026-03-13T21:56:16.322231167Z", "published": "2018-11-06T17:29:00.363Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/104461" }, { "type": "FIX", "url": "https://source.android.com/security/bulletin/2018-06-01" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }