exploitDog

CVE-2020-0138

Опубликовано: 11 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416

Ссылки

https://source.android.com/security/bulletin/pixel/2020-06-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2020-06-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.0552

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-pq68-mg4h-3gxg

github

больше 3 лет назад

In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416

EPSS

Процентиль: 90%

0.0552

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787