Main Vulnerability Database Vulnerabilities #VU35330

Allocation of Resources Without Limits or Throttling in Google Android - CVE-2019-9291

Published: September 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35330

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-9291

CWE-ID: CWE-770

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179

How to mitigate CVE-2019-9291

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Allocation of Resources Without Limits or Throttling in Google Android - CVE-2019-9291

Detailed vulnerability description

How to mitigate CVE-2019-9291

Sources

Please verify you're human