CVE-2019-2195

In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:40

Type Values Removed Values Added
References () https://source.android.com/security/bulletin/2019-11-01 - Vendor Advisory () https://source.android.com/security/bulletin/2019-11-01 - Vendor Advisory

Information

Published : 2019-11-13 18:15

Updated : 2024-11-21 04:40


NVD link : CVE-2019-2195

Mitre link : CVE-2019-2195

CVE.ORG link : CVE-2019-2195


JSON object : View

Products Affected

google

  • android
CWE
CWE-20

Improper Input Validation

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')