PT-2019-16197 · Google · Android
Publicado
2019-07-08
·
Atualizado
2020-08-24
·
CVE-2019-2105
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions 7.0 through 9
Description
The issue is related to a possible memory corruption due to uninitialized data in the FileInputStream::Read function. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is required for exploitation.
Recommendations
For Android versions 7.0 through 9, update to a version that contains a fix for this issue to prevent potential remote code execution.
Correção
Use of Uninitialized Resource
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android