CVE-2020-0117: Integer Overflow
First published: Mon Jun 01 2020(Updated: )
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Android | =8.0 | |
| Android | =8.1 | |
| Android | =9.0 | |
| Android | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-0117?
CVE-2020-0117 is rated as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2020-0117?
To fix CVE-2020-0117, update your Android device to the latest security patch provided by Google.
Which Android versions are affected by CVE-2020-0117?
CVE-2020-0117 affects Android versions 8.0, 8.1, 9.0, and 10.0.
What could happen if CVE-2020-0117 is exploited?
If exploited, CVE-2020-0117 can lead to remote code execution within the Bluetooth server without requiring user interaction.
Who is vulnerable to CVE-2020-0117?
Users with Android devices running versions 8.0 to 10.0 are vulnerable to CVE-2020-0117.
- agent/type
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/android
- version/android/8.0
- version/android/8.1
- version/android/9.0
- version/android/10.0