Main Vulnerability Database Vulnerabilities #VU34748

Integer overflow in Google Android - CVE-2020-0086

Published: March 15, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34748

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-0086

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347

How to mitigate CVE-2020-0086

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Integer overflow in Google Android - CVE-2020-0086

Detailed vulnerability description

How to mitigate CVE-2020-0086

Sources

Please verify you're human