#VU25357 Out-of-bounds write


Published: 2020-06-03 | Updated: 2021-11-03

Vulnerability identifier: #VU25357

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2020-0022

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Google Android
Operating systems & Components / Operating system

Vendor: Google

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "reassemble_and_dispatch" of "packet_fragmenter.cc". A remote attacker can trigger an out-of-bounds write and execute arbitrary code over Bluetooth on the target system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Google Android: 10, 9.0, 8.0 - 8.1


External links
http://source.android.com/security/bulletin/2020-02-01
http://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf

