A vulnerability, which was classified as critical, was found in Google Android up to 9.0 (Smartphone Operating System). Affected is the function rw_t3t_act_handle_sro_rsp of the file rw_t3t.cc. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. CWE is classifying the issue as CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120497583

The weakness was presented 06/19/2019. This vulnerability is traded as CVE-2019-2013 since 12/10/2018. Local access is required to approach this attack. Required for exploitation is a authentication. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 10/07/2023). It is expected to see the exploit prices for this product increasing in the near future.

Applying a patch is able to eliminate this problem.

See VDB-136762, VDB-136761, VDB-136760 and VDB-136759 for similar entries. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Smartphone Operating System

Vendor

• Google

Name

• Android

Version

• 7.0
• 7.1.1
• 7.1.2
• 8.0
• 8.1
• 9.0

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion