Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2019-9232

Disclosure Date: September 27, 2019
CVE-2019-9232 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Android Android-10
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • google,
  • opensuse

Products

  • android 10.0,
  • debian linux 10.0,
  • debian linux 8.0,
  • debian linux 9.0,
  • fedora 30,
  • fedora 31,
  • leap 15.1,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 19.04

References

Canonical
CVE-2019-9232 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232)
Advisory
[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem? (http://www.openwall.com/lists/oss-security/2019/10/25/17)
[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (http://www.openwall.com/lists/oss-security/2019/10/27/1)
[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (http://www.openwall.com/lists/oss-security/2019/11/07/1)
USN-4199-1 (https://usn.ubuntu.com/4199-1)
[debian-lts-announce] 20191126 [SECURITY] [DLA 2012-1] libvpx security update (https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html)
20191128 [SECURITY] [DSA 4578-1] libvpx security update (https://seclists.org/bugtraq/2019/Nov/43)
DSA-4578 (https://www.debian.org/security/2019/dsa-4578)
FEDORA-2020-65eac1b48b (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6)
FEDORA-2020-6cd410d9e4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html
GLSA-202003-59 (https://security.gentoo.org/glsa/202003-59)
USN-4199-2 (https://usn.ubuntu.com/4199-2)
Miscellaneous
https://source.android.com/security/bulletin/android-10

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis