Main Vulnerability Database Vulnerabilities #VU34290

#VU34290 Input validation error in Google Android - CVE-2020-0162

Published: June 11, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34290

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-0162

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/pixel/2020-06-01

#VU34290 Input validation error in Google Android - CVE-2020-0162

Description

Remediation

External links

Please verify you're human