CVE-2019-2228 - Out-of-bounds Read vulnerability in Google Android
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers: An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
- Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : cups vulnerabilities (USN-4340-1)
  - NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-4340-1.NASL
  - description: It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228) Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2020-3898). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-03
  - modified: 2020-04-28
  - plugin id: 136029
  - published: 2020-04-28
  - reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/136029
- EulerOS 2.0 SP8 : cups (EulerOS-SA-2020-1501)
  - NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2020-1501.NASL
  - description: According to the version of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196 (CVE-2019-2228). Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-03
  - modified: 2020-04-20
  - plugin id: 135734
  - published: 2020-04-20
  - reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/135734
- Debian DLA-2047-1 : cups security update
  - NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DLA-2047.NASL
  - description: An issue has been found in cups, the Common UNIX Printing System(tm). An incorrect bounds check could lead to a possible out-of-bounds read and local information disclosure in the printer spooler. For Debian 8
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 132346
  - published: 2019-12-23
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/132346
References
- https://lists.debian.org/debian-lts-announce/2019/12/msg00030.html
- https://source.android.com/security/bulletin/2019-12-01
- https://usn.ubuntu.com/4340-1/