CVE-2020-0141 (Medium) detected in avandroid-10.0.0_r37

Question

CVE-2020-0141 (Medium) detected in avandroid-10.0.0_r37

Opened this issue 3 years ago · 0 comments

mend-bolt-for-github commented 3 years ago

CVE-2020-0141 - Medium Severity Vulnerability

Vulnerable Library - avandroid-10.0.0_r37

Library home page: https://android.googlesource.com/platform/frameworks/av

Found in HEAD commit: 47d289006425443dab8f1e8972c2f76eea15fa26

Found in base branch: master

Vulnerable Source Files (1)

/media/codec2/sfplugin/CCodecBuffers.cpp

Vulnerability Details

In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793

Publish Date: 2020-06-11

URL: CVE-2020-0141

CVSS 3 Score Details (4.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://android.googlesource.com/platform/frameworks/av/+/refs/tags/android-10.0.0_r37

Release Date: 2020-06-11

Fix Resolution: android-10.0.0_r37

Step up your Open Source Security Game with Mend here