CVE-2019-2212

NameCVE-2019-2212
DescriptionIn poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139690488
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libc++ (PTS)jessie, stretch3.5-2vulnerable
llvm-toolchain-6.0 (PTS)jessie (security)1:6.0.1-0+deb8u1vulnerable
buster1:6.0.1-10vulnerable
bullseye, sid1:6.0.1-11vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libc++source(unstable)(unfixed)
llvm-toolchain-6.0source(unstable)(unfixed)
llvm-toolchain-7.0unknown(unstable)(unfixed)

Notes

https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a

Search for package or bug name: Reporting problems