CVE-2020-0117

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194
References
Link Resource
https://source.android.com/security/bulletin/2020-06-01 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

Information

Published : 2020-06-10 18:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-0117

Mitre link : CVE-2020-0117


JSON object : View

Products Affected

google

  • android
CWE
CWE-190

Integer Overflow or Wraparound