Local Information Disclosure Vulnerability in Android OS
CVE-2019-2038

5.5MEDIUM

Key Information:

Vendor
Android
Status
Android
Vendor
CVE Published:
19 April 2019

Summary

In a specific function of the Android operating system, a missing bounds check can lead to an out-of-bounds read. This vulnerability may allow local attackers to disclose sensitive information without requiring elevated privileges. Exploitation necessitates user interaction, highlighting the importance of maintaining cautious usage patterns.

Affected Version(s)

Android Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9

References

https://source.android.com/security/bulletin/2019-04-01
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.