CVE-2019-2228 — Out-of-bounds Read in Google Android

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Debian Cups Google Android

Timeline

PublishedDec 6

Latest updateMay 24

Description

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/androidAndroid-8.0 Android-8.1 Android-9 Android-10

▶NVDgoogle/android4 versions+3

▶googlegoogle/android

▶debiandebian/cups< cups 2.3.1-1 (bookworm)

▶Debianapple/cups< 2.3.1-1+3

🔴Vulnerability Details

GHSA

GHSA-6xpc-pxw7-qhg3: In array_find of array↗2022-05-24

▶

OSV

cups vulnerabilities↗2020-04-27

▶

OSV

CVE-2019-2228: In array_find of array↗2019-12-06

▶

💥Exploits & PoCs

Exploit-DB

DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection↗2019-09-19

▶

Exploit-DB

NoviSmart CMS - SQL injection↗2019-07-24

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2020-04-27

▶

Android

CVE-2019-2228: Android Security Bulletin 2019-12-01 CVE: CVE-2019-2228 Severity: HIGH Type: ID Affected AOSP versions: 8↗2019-12-01

▶

Debian

CVE-2019-2228: cups - In array_find of array.c, there is a possible out-of-bounds read due to an incor...↗2019

▶