CVE-2019-9233

Published: 27 September 2019

In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122529021

Priority

Low

CVSS 3 base score: 7.5

Status

Package: wpa (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (2:2.9.0-21)
Ubuntu 20.10 (Groovy Gorilla): Needed
Ubuntu 20.04 LTS (Focal Fossa): Needed
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

Patches:
Android: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/e5e28bbce4e60f710aa8ee90236c3cc0066095e8
Upstream: https://w1.fi/cgit/hostap/commit/?id=dc72854fe2fb726068de8c9bf2d0737b05cd975d

Notes

Author: mdeslaur
Note: This CVE was assigned to Android; impact on Ubuntu is unknown.
Introduced by https://w1.fi/cgit/hostap/commit/?id=bb598c3bdd06
