Main Vulnerability Database Vulnerabilities #VU35928

Out-of-bounds write in Google Android - CVE-2019-2045

Published: May 8, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35928

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2045

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758

How to mitigate CVE-2019-2045

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-05-01

Out-of-bounds write in Google Android - CVE-2019-2045

Detailed vulnerability description

How to mitigate CVE-2019-2045

Sources

Please verify you're human