CVE-2019-2212

Name: CVE-2019-2212
Description: In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139690488
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package            Release        Version     Status
libc++ (PTS)              stretch        3.5-2       vulnerable
llvm-toolchain-6.0 (PTS)  buster         1:6.0.1-10  vulnerable
llvm-toolchain-8 (PTS)    bullseye, sid  1:8.0.1-9   vulnerable

The information below is based on the following data on fixed versions.

Package             Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
libc++              source  (unstable)  (unfixed)
llvm-toolchain-6.0  source  (unstable)  (unfixed)
llvm-toolchain-8    source  (unstable)  (unfixed)

Notes

[stretch] - libc++ <no-dsa> (Minor issue)
[jessie] - libc++ <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
[buster] - llvm-toolchain-6.0 <no-dsa> (Minor issue)
[jessie] - llvm-toolchain-6.0 <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
template is affected, so dependencies need a rebuild
