Candidate: CVE-2019-9233
PublicDate: 2019-09-27 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9233
 https://source.android.com/security/bulletin/android-10
Description:
 In wpa_supplicant_8, there is a possible out of bounds read due to an
 incorrect bounds check. This could lead to remote information disclosure
 with no additional execution privileges needed. User interaction is not
 needed for exploitation. Product: AndroidVersions: Android-10Android ID:
 A-122529021
Ubuntu-Description:
Notes:
 mdeslaur> This CVE was assigned to Android, impact on Ubuntu is unknown
 mdeslaur> introduced by https://w1.fi/cgit/hostap/commit/?id=bb598c3bdd06
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_wpa:
 android: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/e5e28bbce4e60f710aa8ee90236c3cc0066095e8
 upstream: https://w1.fi/cgit/hostap/commit/?id=dc72854fe2fb726068de8c9bf2d0737b05cd975d
upstream_wpa: needs-triage
precise/esm_wpa: DNE
trusty_wpa: ignored (out of standard support)
trusty/esm_wpa: not-affected (code not present)
xenial_wpa: not-affected (code not present)
esm-infra/xenial_wpa: not-affected (code not present)
bionic_wpa: needed
disco_wpa: ignored (reached end-of-life)
eoan_wpa: ignored (reached end-of-life)
focal_wpa: needed
groovy_wpa: ignored (reached end-of-life)
hirsute_wpa: not-affected (2:2.9.0-21)
impish_wpa: not-affected (2:2.9.0-21)
jammy_wpa: not-affected (2:2.9.0-21)
devel_wpa: not-affected (2:2.9.0-21)