CVE-2020-0022
CVSS 8.8 · HIGH
Summary
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-143894715
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | ADJACENT_NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Google android
- Huawei mate 20 firmware
- Huawei mate 20
- Huawei mate 20 pro firmware
- Huawei mate 20 pro
- Huawei mate 20 x firmware
- Huawei mate 20 x
- Huawei p smart firmware
- Huawei p smart
- Huawei p smart 2019 firmware
- Huawei p smart 2019
- Huawei p20 firmware
- Huawei p20
- Huawei p20 pro firmware
- Huawei p20 pro
- Huawei p30 firmware
- Huawei p30
- Huawei p30 pro firmware
- Huawei p30 pro
- Huawei y6 2019 firmware
References
- http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2020/Feb/10
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en
- https://source.android.com/security/bulletin/2020-02-01
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.