Vulnerability CVE-2020-0022


Published: 2020-02-13

Description:
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Android Bluetooth Remote Denial Of Service
nu11secur1ty
27.03.2020

Type:

CWE-787

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.3/10
10/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Google -> Android 

 References:
http://seclists.org/fulldisclosure/2020/Feb/10
https://source.android.com/security/bulletin/2020-02-01

Copyright 2020, cxsecurity.com

 

Back to Top