CVE-2020-0256Out-of-bounds Write in Google Android

CWE-787Out-of-bounds Write8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 87.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Platform External GptfdiskDebian GdiskGoogle Android+1 more
Timeline
PublishedAug 11
Latest updateMay 24

Description

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5google/androidAndroid-8.1 Android-9 Android-10 Android-8.0
NVDgoogle/android4 versions+3
debiandebian/gdisk< gdisk 1.0.6-1 (bookworm)
Androidplatform/external_gptfdisk8.0:08.0:2020-08-01+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-cj3m-c468-w963: In LoadPartitionTable of gpt2022-05-24
OSV
CVE-2020-0256: In LoadPartitionTable of gpt2020-08-11
OSV
CVE-2020-0256: In LoadPartitionTable of gpt2020-08-01

📋Vendor Advisories

4
Red Hat
gdisk: possible out-of-bounds-write in LoadPartitionTable of gpt.cc2022-02-04
Ubuntu
GPT fdisk vulnerabilities2022-02-03
Android
CVE-2020-0256: Android Security Bulletin 2020-08-01 CVE: CVE-2020-0256 Severity: HIGH Type: EoP Affected AOSP versions: 82020-08-01
Debian
CVE-2020-0256: gdisk - In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to ...2020
CVE-2020-0256 — Out-of-bounds Write in Google Android | cvebase