CVE-2019-9233
Published: 27 September 2019
In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021
Notes
Author | Note |
---|---|
mdeslaur | This CVE was assigned to Android, impact on Ubuntu is unknown introduced by https://w1.fi/cgit/hostap/commit/?id=bb598c3bdd06 |
Priority
Status
Package | Release | Status |
---|---|---|
wpa Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(2:2.9.0-21)
|
hirsute |
Not vulnerable
(2:2.9.0-21)
|
|
bionic |
Needed
|
|
focal |
Needed
|
|
trusty |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(2:2.9.0-21)
|
|
kinetic |
Not vulnerable
(2:2.9.0-21)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
groovy |
Ignored
(end of life)
|
|
lunar |
Not vulnerable
(2:2.9.0-21)
|
|
upstream |
Needs triage
|
|
mantic |
Not vulnerable
(2:2.9.0-21)
|
|
Patches: android: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/e5e28bbce4e60f710aa8ee90236c3cc0066095e8 upstream: https://w1.fi/cgit/hostap/commit/?id=dc72854fe2fb726068de8c9bf2d0737b05cd975d |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |