PT-2020-11488 · Google · Android
Published
2020-06-11
·
Updated
2020-06-15
·
CVE-2020-0127
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions Android-10
Description
In the
AudioStream::decode function of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Recommendations
For Android version Android-10, consider restricting access to the
AudioStream::decode function until a patch is available. As a temporary workaround, avoid using the AudioGroup.cpp component to minimize the risk of exploitation.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android