exploitDog

CVE-2020-0086

Опубликовано: 15 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347

Ссылки

https://source.android.com/security/bulletin/android-10
Vendor Advisory
https://source.android.com/security/bulletin/android-10
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00187

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-cc6c-7c4q-p82p

github

больше 3 лет назад

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347

EPSS

Процентиль: 41%

0.00187

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190