CVE-2020-0034

Опубликовано: 10 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html
Mailing List
Third Party Advisory
https://source.android.com/security/bulletin/2020-03-01
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html
Mailing List
Third Party Advisory
https://source.android.com/security/bulletin/2020-03-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02415

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2020-0034

CVSS3: 7.5

ubuntu

больше 5 лет назад

CVE-2020-0034

CVSS3: 7.5

redhat

больше 5 лет назад

CVE-2020-0034

CVSS3: 7.5

debian

больше 5 лет назад

In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...

openSUSE-SU-2020:0680-1

suse-cvrf

около 5 лет назад

Security update for libvpx

SUSE-SU-2021:4168-1

suse-cvrf

больше 3 лет назад

Security update for libvpx

EPSS

Процентиль: 84%

0.02415

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-125