We found results for “”
CVE-2020-0020
Good to know:
Date: February 18, 2020
In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Buffer Errors
CWE-119Top Fix
Upgrade Version
Upgrade to version android-9.0.0_r53,android-8.0.0_r43,android-8.1.0_r73,android-10.0.0_r26
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |