CVE-2020-0382 — Improper Handling of Exceptional Conditions in Google Android

CWE-755 — Improper Handling of Exceptional Conditions CWE-754 — Improper Check for Unusual or Exceptional Conditions5 documents5 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 97.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Base Platform Frameworks Native Google Android

Timeline

PublishedSep 17

Latest updateMay 24

Description

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5google/androidAndroid-11 Android-10

▶NVDgoogle/android10.0, 11.0+1

▶Androidplatform/frameworks_base10:0 — 10:2020-09-01

▶Androidplatform/frameworks_native10:0 — 10:2020-09-01

🔴Vulnerability Details

GHSA

GHSA-w5h8-gj7c-wr5p: In RunInternal of dumpstate↗2022-05-24

▶

CVEList

CVE-2020-0382: In RunInternal of dumpstate↗2020-09-17

▶

OSV

CVE-2020-0382: In RunInternal of dumpstate↗2020-09-01

▶

📋Vendor Advisories

Android

CVE-2020-0382: Android Security Bulletin 2020-09-01 CVE: CVE-2020-0382 Severity: HIGH Type: ID Affected AOSP versions: 10 References: A-152944488 [2]↗2020-09-01

▶