Main Vulnerability Database Vulnerabilities #VU35350

Integer overflow in Google Android - CVE-2019-9311

Published: September 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35350

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9311

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031

How to mitigate CVE-2019-9311

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Integer overflow in Google Android - CVE-2019-9311

Detailed vulnerability description

How to mitigate CVE-2019-9311

Sources

Please verify you're human