Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47039

Summary
Assigner-Google_Devices
Assigner Org ID-83238938-5644-45f0-9007-c0392bcf6222
Published At-18 Dec, 2024 | 19:04
Updated At-18 Dec, 2024 | 19:16
Rejected At-
Credits

OOB Read in the android.hardware.boot.IBootControl/default service

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploitation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Google_Devices
Assigner Org ID:83238938-5644-45f0-9007-c0392bcf6222
Published At:18 Dec, 2024 | 19:04
Updated At:18 Dec, 2024 | 19:16
Rejected At:
▼CVE Numbering Authority (CNA)
OOB Read in the android.hardware.boot.IBootControl/default service

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploitation.

Affected Products
Vendor
Google LLCGoogle
Product
Android
Default Status
unaffected
Versions
Affected
  • v10
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2024-11-01
N/A
Hyperlink: https://source.android.com/security/bulletin/pixel/2024-11-01
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:dsap-vuln-management@google.com
Published At:18 Dec, 2024 | 19:15
Updated At:18 Dec, 2024 | 19:15

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-125Secondarydsap-vuln-management@google.com
CWE ID: CWE-125
Type: Secondary
Source: dsap-vuln-management@google.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://source.android.com/security/bulletin/pixel/2024-11-01dsap-vuln-management@google.com
N/A
Hyperlink: https://source.android.com/security/bulletin/pixel/2024-11-01
Source: dsap-vuln-management@google.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

228Records found
CVE-2017-13322
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-10||CRITICAL
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 23:06
Updated-13 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2018-9416
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-10||CRITICAL
EPSS-0.04% / 9.65%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:36
Updated-18 Dec, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47040
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-10||CRITICAL
EPSS-0.05% / 16.52%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 19:08
Updated-18 Dec, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in the android.hardware.radio.sap.ISap/slot2 service

There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-416
Use After Free
CVE-2024-47038
Matching Score-8
Assigner-Google Devices
ShareView Details
Matching Score-8
Assigner-Google Devices
CVSS Score-10||CRITICAL
EPSS-0.04% / 10.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 19:01
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-56187
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 18:19
Updated-27 Jun, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-56186
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.39%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 18:19
Updated-27 Jun, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-56184
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.39%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 18:19
Updated-27 Jun, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5770
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-53839
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.69%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 03:28
Updated-03 Jan, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5849
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.49% / 64.37%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-5159
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 15:11
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5798
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 71.45%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:17
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-SUSEDebian GNU/LinuxRed Hat, Inc.Google LLCopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuxchromeenterprise_linuxpackage_hubbackportsleapChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47041
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-7.4||HIGH
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-04 Nov, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47028
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.52%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-28 Oct, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-4100
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 22:55
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5835
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 65.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLCFedora Project
Product-chromefedorabackportsleapChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5867
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5791
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:13
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-5881
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.48% / 64.26%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5782
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-79.80% / 99.06%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15401
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.18% / 77.85%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43082
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.01%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37992
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.04%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-6129
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37972
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-4059
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.98%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 12:49
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-40656
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.60%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-3839
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45781
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.05%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:40
Updated-28 Aug, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-0698
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.72%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30593
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.27% / 50.01%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 17:05
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30511
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.25% / 48.41%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 17:15
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47018
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-28 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32904
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 8.73%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32915
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-04 Nov, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32914
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.84%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-06 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32893
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-8.1||HIGH
EPSS-0.09% / 26.78%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2024-32898
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 8.73%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-13 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32894
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.28%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-3156
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.74%
||
7 Day CHG~0.00%
Published-06 Apr, 2024 | 14:53
Updated-13 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-3159
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-5.34% / 89.69%
||
7 Day CHG~0.00%
Published-06 Apr, 2024 | 14:53
Updated-13 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromeChromechromefedora
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-29742
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.96%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-06 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13318
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 4.94%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 16:51
Updated-10 Jul, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-29754
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-29755
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-27 Oct, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-29750
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.96%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-21 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In km_exp_did_inner of kmv.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27223
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.30% / 53.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27230
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4427
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-75.33% / 98.84%
||
7 Day CHG-4.56%
Published-22 Aug, 2023 | 23:56
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27231
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.67%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-25 Nov, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found