Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-9233

Published: 27 September 2019

In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021

Notes

AuthorNote
mdeslaur
This CVE was assigned to Android, impact on Ubuntu is unknown
introduced by https://w1.fi/cgit/hostap/commit/?id=bb598c3bdd06

Priority

Low

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
impish Not vulnerable
(2:2.9.0-21)
hirsute Not vulnerable
(2:2.9.0-21)
bionic Needed

focal Needed

trusty Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
jammy Not vulnerable
(2:2.9.0-21)
kinetic Not vulnerable
(2:2.9.0-21)
disco Ignored
(end of life)
eoan Ignored
(end of life)
groovy Ignored
(end of life)
lunar Not vulnerable
(2:2.9.0-21)
upstream Needs triage

mantic Not vulnerable
(2:2.9.0-21)
Patches:
android: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/e5e28bbce4e60f710aa8ee90236c3cc0066095e8
upstream: https://w1.fi/cgit/hostap/commit/?id=dc72854fe2fb726068de8c9bf2d0737b05cd975d

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N