Main Vulnerability Database Vulnerabilities #VU22795

SQL injection in Google Android - CVE-2019-2211

Published: November 15, 2019

Vulnerability identifier: #VU22795

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-2211

CWE-ID: CWE-89

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information on the target system.

The vulnerability exists within the "createProjectionMapForQuery" of TvProvider.java Framework functionality for Android due to insufficient sanitization of user-supplied data. A local user can send a specially crafted request to the affected application and disclose sensitive information on the target system.

How to mitigate CVE-2019-2211

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-11-01
https://android.googlesource.com/platform/packages/providers/TvProvider/+/4979d2270d6de469609345ed63b3737524f20286
https://android.googlesource.com/platform/packages/providers/TvProvider/+/320d22948ad7ad74da79ae6b839accc7b5b9e8f8

SQL injection in Google Android - CVE-2019-2211

Detailed vulnerability description

How to mitigate CVE-2019-2211

Sources

Please verify you're human