CVE-2019-2195

HIGH

Android - Local Privilege Escalation via SQLite Tokenize Input Validation

Title source: llm
STIX 2.1

Description

In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 9.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-89
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Nov 13, 2019
Tracked Since Feb 18, 2026