Main Vulnerability Database Vulnerabilities #VU34749

Resource exhaustion in Google Android - CVE-2020-0088

Published: March 15, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34749

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-0088

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881

How to mitigate CVE-2020-0088

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2020-06-01

Resource exhaustion in Google Android - CVE-2020-0088

Detailed vulnerability description

How to mitigate CVE-2020-0088

Sources

Please verify you're human