Main Vulnerability Database Vulnerabilities #VU35993

Out-of-bounds write in Google Android - CVE-2019-2034

Published: April 19, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35993

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2034

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770.

How to mitigate CVE-2019-2034

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-04-01

Out-of-bounds write in Google Android - CVE-2019-2034

Detailed vulnerability description

How to mitigate CVE-2019-2034

Sources

Please verify you're human