Vulnerability in Android Open Source Project
CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used…
EPSS: 0.002 (39.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Android Open Source Project — versions unspecified
- Apple Ios — versions 11
- Apple Macos — versions 10.13 High Sierra
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.cs.technion.ac.il/~biham/BT/ (x_refsource_MISC)
- 1041432 (vdb-entry, x_refsource_SECTRACK)
- VU#304725 (third-party-advisory, x_refsource_CERT-VN)
- www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update (x_refsource_CONFIRM)
- 104879 (vdb-entry, x_refsource_BID)
- [debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update (mailing-list, x_refsource_MLIST)
- RHSA-2019:2169 (vendor-advisory, x_refsource_REDHAT)
- USN-4094-1 (vendor-advisory, x_refsource_UBUNTU)
- USN-4095-2 (vendor-advisory, x_refsource_UBUNTU)
- USN-4095-1 (vendor-advisory, x_refsource_UBUNTU)
Frequently asked questions
- What is CVE-2018-5383?
- CVE-2018-5383 is a high-severity vulnerability in Android Open Source Project, classified under Missing Cryptographic Step. CVSS score: 8.0/10. Published 2018-08-07.
- How severe is CVE-2018-5383?
- High severity. CVSS v3 base score is 8.0 out of 10.
- Is CVE-2018-5383 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.