CVE-2020-0034

HIGH

Description

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html

https://source.android.com/security/bulletin/2020-03-01

Details

Source: MITRE

Published: 2020-03-10

Updated: 2020-05-23

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
147310NewStart CGSL CORE 5.04 / MAIN 5.04 : libvpx Multiple Vulnerabilities (NS-SA-2021-0015)NessusNewStart CGSL Local Security Checks
high
142738Amazon Linux 2 : libvpx (ALAS-2020-1558)NessusAmazon Linux Local Security Checks
high
142235EulerOS 2.0 SP2 : libvpx (EulerOS-SA-2020-2364)NessusHuawei Local Security Checks
high
141685Scientific Linux Security Update : libvpx on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141617CentOS 7 : libvpx (CESA-2020:3876)NessusCentOS Local Security Checks
high
141257Oracle Linux 7 : libvpx (ELSA-2020-3876)NessusOracle Linux Local Security Checks
high
141041RHEL 7 : libvpx (RHSA-2020:3876)NessusRed Hat Local Security Checks
high
140827EulerOS 2.0 SP3 : libvpx (EulerOS-SA-2020-2060)NessusHuawei Local Security Checks
high
138260SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-2)NessusSuSE Local Security Checks
high
136878openSUSE Security Update : libvpx (openSUSE-2020-680)NessusSuSE Local Security Checks
high
136790SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-1)NessusSuSE Local Security Checks
high
134352Debian DLA-2136-1 : libvpx security updateNessusDebian Local Security Checks
high