CVE-2019-2045

CRITICAL

Android 7.0-9 - Out-of-bounds Write in JSCallTyper

Title source: llm
STIX 2.1

Description

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-05-01

Scores

CVSS v3 9.8
EPSS 0.0136
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (5)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.1
google/android 9.0
Published May 08, 2019
Tracked Since Feb 18, 2026