← Back

CVE-2019-2104

nvd nist
Published: Jul 8, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131356202

Affected (3)

Products: Google: Android
Google
1 product
Android
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Google
Android
Version 8.0
Android
Version 8.1
Android
Version 9.0

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (2)

Source: security@android.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.