← Back

CVE-2020-0006

nvd nist
Published: Jan 8, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828

Affected (4)

Products: Google: Android
Google
1 product
Android
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Google
Android
Version 10.0
Android
Version 8.0
Android
Version 8.1
Android
Version 9.0

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (2)

Source: security@android.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.