exploitDog

CVE-2019-2007

Опубликовано: 19 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-120789744

Ссылки

https://source.android.com/security/bulletin/2019-03-01
Vendor Advisory
https://source.android.com/security/bulletin/2019-03-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00165

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-wrfc-97qx-4vm7

github

больше 3 лет назад

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-120789744

EPSS

Процентиль: 38%

0.00165

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-190