CVE-2020-0421Improper Handling of Exceptional Conditions in Google Android

CWE-755Improper Handling of Exceptional ConditionsCWE-787Out-of-bounds Write5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System CoreGoogle Android
Timeline
PublishedOct 14
Latest updateMay 24

Description

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-8.1 Android-9 Android-10 Android-11 Android-8.0
NVDgoogle/android5 versions+4
Androidplatform/system_core8.0:08.0:2020-10-01+4

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
GHSA
GHSA-29fp-7w52-3694: In appendFormatV of String82022-05-24
CVEList
CVE-2020-0421: In appendFormatV of String82020-10-14
OSV
CVE-2020-0421: In appendFormatV of String82020-10-01

📋Vendor Advisories

1
Android
CVE-2020-0421: Android Security Bulletin 2020-10-01 CVE: CVE-2020-0421 Severity: HIGH Type: EoP Affected AOSP versions: 82020-10-01
CVE-2020-0421 — Google Android vulnerability | cvebase