Main Vulnerability Database Vulnerabilities #VU35748

Information disclosure in Google Android - CVE-2019-2118

Published: July 8, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35748

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-2118

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842.

How to mitigate CVE-2019-2118

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-07-01

Information disclosure in Google Android - CVE-2019-2118

Detailed vulnerability description

How to mitigate CVE-2019-2118

Sources

Please verify you're human