Home > Vulnerability Database > CVE-2019-2136

Mend.io Vulnerability Database

CVE-2019-2136

Good to know:

Date: August 20, 2019

In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132650049.

Language: C++

Severity Score

7.2

Related Resources (3)

Url: https://source.android.com/security/bulletin/2019-08-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-2136

Url: https://www.mend.io/vulnerability-database/CVE-2019-2136

Severity Score

7.2

Weakness Type (CWE)

Input Validation

CWE-20

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version android-7.1.1_r59,android-7.1.2_r37,android-8.0.0_r37;android-9.0.0_r46

Learn More

CVSS v3

Base Score:	7.2
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE

CVSS v2

Base Score:	5.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-2136

Good to know:

Date: August 20, 2019

Language: C++

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?