PT-2019-16208 · Google · Android
Published
2019-07-08
·
Updated
2019-07-09
·
CVE-2019-2116
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions 7.0 through 9
Description
A possible out-of-bound read due to a missing bounds check in the
save attr seq function of sdp discovery.cc could lead to remote information disclosure. No additional execution privileges are needed, and user interaction is not required for exploitation.Recommendations
For Android versions 7.0 through 9, apply the necessary patch to fix the missing bounds check in the
save attr seq function of sdp discovery.cc. As a temporary workaround, consider restricting access to the affected function until a patch is available.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android