CVE-2018-9490

CVE numbers: CVE-2018-9490 [Bulletin-CVE-2018-9490]
Coordinated disclosure?: unknown
Categories: Framework
Details: In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 [NIST-CVE-2018-9490]
Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9490] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9490]
Fixed on: 2018-08-02 [A-111274046]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9490]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9490]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490]
Submission: by: Daniel Carter, on: 2019-07-25

AndroidVulnerabilities.org