CVE-2019-2204

2019-11-1317:37:02

google_android

www.cve.org

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-8.1"
      },
      {
        "status": "affected",
        "version": "Android-9"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2020-01-01