CVE-2019-9433

medium

Description

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html

http://www.openwall.com/lists/oss-security/2019/10/25/17

http://www.openwall.com/lists/oss-security/2019/10/27/1

http://www.openwall.com/lists/oss-security/2019/11/07/1

https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/

https://lists.fedoraproject.org/archives/list/package-a[email protected]/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/

https://seclists.org/bugtraq/2019/Nov/43

https://security.gentoo.org/glsa/202003-59

https://source.android.com/security/bulletin/android-10

https://usn.ubuntu.com/4199-1/

https://usn.ubuntu.com/4199-2/

https://www.debian.org/security/2019/dsa-4578

Details

Source: MITRE

Published: 2019-09-27

Updated: 2020-07-24

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
154441 | NewStart CGSL CORE 5.05 / MAIN 5.05 : libvpx Multiple Vulnerabilities (NS-SA-2021-0147) | Nessus | NewStart CGSL Local Security Checks | high
149125 | EulerOS 2.0 SP3 : libvpx (EulerOS-SA-2021-1814) | Nessus | Huawei Local Security Checks | medium
147382 | NewStart CGSL MAIN 6.02 : libvpx Multiple Vulnerabilities (NS-SA-2021-0060) | Nessus | NewStart CGSL Local Security Checks | high
147310 | NewStart CGSL CORE 5.04 / MAIN 5.04 : libvpx Multiple Vulnerabilities (NS-SA-2021-0015) | Nessus | NewStart CGSL Local Security Checks | high
146743 | EulerOS 2.0 SP2 : libvpx (EulerOS-SA-2021-1322) | Nessus | Huawei Local Security Checks | medium
146031 | CentOS 8 : libvpx (CESA-2020:4629) | Nessus | CentOS Local Security Checks | high
144253 | EulerOS 2.0 SP5 : libvpx (EulerOS-SA-2020-2553) | Nessus | Huawei Local Security Checks | medium
142773 | Oracle Linux 8 : libvpx (ELSA-2020-4629) | Nessus | Oracle Linux Local Security Checks | high
142738 | Amazon Linux 2 : libvpx (ALAS-2020-1558) | Nessus | Amazon Linux Local Security Checks | high
142413 | RHEL 8 : libvpx (RHSA-2020:4629) | Nessus | Red Hat Local Security Checks | high
141685 | Scientific Linux Security Update : libvpx on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high
141617 | CentOS 7 : libvpx (CESA-2020:3876) | Nessus | CentOS Local Security Checks | high
141257 | Oracle Linux 7 : libvpx (ELSA-2020-3876) | Nessus | Oracle Linux Local Security Checks | high
141041 | RHEL 7 : libvpx (RHSA-2020:3876) | Nessus | Red Hat Local Security Checks | high
134967 | GLSA-202003-59 : libvpx: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high
134079 | SUSE SLES12 Security Update : libvpx (SUSE-SU-2020:0459-1) | Nessus | SuSE Local Security Checks | high
133253 | openSUSE Security Update : libvpx (openSUSE-2020-105) | Nessus | SuSE Local Security Checks | high
133236 | Fedora 30 : libvpx (2020-6cd410d9e4) | Nessus | Fedora Local Security Checks | high
133141 | SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:0143-1) | Nessus | SuSE Local Security Checks | high
132789 | Fedora 31 : libvpx (2020-65eac1b48b) | Nessus | Fedora Local Security Checks | high
131439 | Debian DSA-4578-1 : libvpx - security update | Nessus | Debian Local Security Checks | high
131331 | Debian DLA-2012-1 : libvpx security update | Nessus | Debian Local Security Checks | high
131314 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libvpx vulnerabilities (USN-4199-1) | Nessus | Ubuntu Local Security Checks | high