CVE-2020-0413

2020-10-1413:05:55

google_android

www.cve.org

out of bounds read

gatt process

remote information disclosure

bluetooth server

android versions

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

37.8%

JSON

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158778659

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-8.1 Android-9 Android-10 Android-11 Android-8.0"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2020-10-01