exploitDog

CVE-2020-0020

Опубликовано: 13 фев. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731

Ссылки

https://source.android.com/security/bulletin/2020-02-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2020-02-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-4c63-92gr-v7j8

github

больше 3 лет назад

In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731

EPSS

Процентиль: 10%

0.00034

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-119