Main Vulnerability Database Vulnerabilities #VU34323

Input validation error in Google Android - CVE-2020-0196

Published: June 11, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34323

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-0196

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/pixel/2020-06-01

Input validation error in Google Android - CVE-2020-0196

Description

Remediation

External links

Please verify you're human