CVE-2019-2097
Status: Analyzed
Last modified:
21-07-2021
Published:
07-06-2019
9.8
SUMMARY CVE-2019-2097
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285.
Access CVSS3 CVE-2019-2097
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | NETWORK | NONE | UNCHANGED | NONE |
Impact CVSS3 CVE-2019-2097
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
Details CVE-2019-2097
EPSS | 0.00102 |
---|---|
EPSS % | 0.42759 |
References | |
CWE | CWE-843 |
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |