Platform
android
Component
android
Fixed version
8.0.1
CVE-2019-1996 is an Information Disclosure vulnerability affecting the Android Bluetooth stack. This flaw resides within the avrc_pars_browse_rsp function of avrc_pars_ct.cc and stems from a missing bounds check. Exploitation does not require user interaction and impacts Android versions 8.0 through 9. A patch is available in Android 8.0.1.
The impact of CVE-2019-1996 is the potential for remote information disclosure. An attacker within Bluetooth range could exploit this vulnerability to read sensitive data from the device's memory. The specific data exposed depends on the contents of the Bluetooth buffer, but it could include configuration information, application data, or even cryptographic keys. The lack of user interaction makes this vulnerability particularly concerning, as it can be exploited without any interaction from the device owner. The potential for remote exploitation significantly increases the attack surface.
CVE-2019-1996 was published on February 28, 2019. Public proof-of-concept (PoC) exploits for this vulnerability are available, increasing the risk of exploitation. It is not currently listed on KEV and does not have an EPSS score. The Android ID A-111451066 is associated with this vulnerability.
Exploit status
EPSS
0.16% (37th percentile)
The primary mitigation for CVE-2019-1996 is to upgrade affected Android devices to version 8.0.1 or later. If upgrading is not immediately feasible, consider disabling Bluetooth functionality when not in use. Network segmentation can limit the potential impact of this vulnerability. Monitoring Bluetooth traffic for unusual patterns may also help detect potential exploitation attempts. After upgrading, confirm the fix by attempting to trigger the vulnerable function and verifying that no memory access errors occur.
Update to the latest Android version available for your device. See the Android Security Bulletin for more details about the update and the affected versions.
It's an Information Disclosure vulnerability in Android's Bluetooth stack, allowing attackers to read sensitive data remotely.
If you're running Android 8.0, 8.1, or 9, you are potentially affected by this vulnerability.
Upgrade your Android device to version 8.0.1 or later to patch this vulnerability.
Public exploits exist, suggesting a potential for exploitation.
Refer to the National Vulnerability Database (NVD) entry for CVE-2019-1996 for more technical details.