{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T12:49:54.949","vulnerabilities":[{"cve":{"id":"CVE-2018-11985","sourceIdentifier":"product-security@qualcomm.com","published":"2018-12-20T15:29:02.953","lastModified":"2024-11-21T03:44:22.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer."},{"lang":"es","value":"En todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM y QRD Android) que utilizan el kernel de Linux, al asignar memoria que emplea un tamaño proporcionado por el usuario, podría ocurrir una vulnerabilidad de desbordamiento de memoria dinámica (heap) debido a un desbordamiento de enteros en el redondeo al puntero nativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin","source":"product-security@qualcomm.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}