Vulnerability Name:

CVE-2020-0499 (CCN-193297)

Assigned: 2019-10-17
Published: 2020-12-10
Updated: 2021-02-25
Summary: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android
Versions: Android-11
Android ID: A-156076070
CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-125
Vulnerability Consequences: Obtain Information
References:
Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2020-0499

Source: XF
Type: UNKNOWN
android-cve20200499-info-disc(193297)

Source: MLIST
Type: Mailing List, Third Party Advisory
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210104 [SECURITY] [DLA 2514-1] flac security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-ed9c13a1d5

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a48ccc6754

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-df42ebeac2

Source: CCN
Type: Android Open Source Project
Pixel Update Bulletin—December 2020

Source: MISC
Type: Vendor Advisory
https://source.android.com/security/bulletin/pixel/2020-12-01

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:google:android:11.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:google:android:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:7496
    P
    flac-devel-1.3.2-150000.3.11.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51565
    P
    Security update for krb5 (Important)
    2022-11-21
    oval:org.opensuse.security:def:3194
    P
    libjbig2-2.0-12.13 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3365
    P
    shim-14-25.6.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:2921
    P
    flac-devel-1.3.2-3.9.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95173
    P
    php-composer2-2.2.3-150400.1.6 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94551
    P
    flac-devel-1.3.2-3.9.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:56
    P
    flac-devel-1.3.2-3.6.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:94477
    P
    (Moderate)
    2022-02-18
    oval:org.opensuse.security:def:5344
    P
    Security update for xen (Important)
    2022-02-17
    oval:org.opensuse.security:def:101886
    P
    Security update for the Linux Kernel (Important)
    2021-12-06
    oval:org.opensuse.security:def:96779
    P
    sudo-1.8.22-4.3.3 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:2382
    P
    flac-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63471
    P
    flac-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:985
    P
    flac-devel-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:71815
    P
    flac-devel-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62074
    P
    flac-devel-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100832
    P
    flac-devel-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101190
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:33654
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:60260
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:28916
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:55827
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:86089
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:81076
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31625
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:58746
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:88434
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:23577
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:51893
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:84145
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:127105
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:33912
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:61074
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:29367
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:57001
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:86561
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:82123
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:32097
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:59477
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:89132
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:23905
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:54739
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:84603
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:34437
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:30004
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:57448
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:87387
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:21394
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:51142
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:82574
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:125538
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:32923
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:59735
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:89390
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:26054
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:55190
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:85642
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:5041
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:35251
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31178
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:57920
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:88121
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:23154
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:83211
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:126708
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:110933
    P
    Security update for flac (Moderate)
    2020-12-28
    oval:org.opensuse.security:def:110392
    P
    Security update for flac (Moderate)
    2020-12-27
    oval:org.opensuse.security:def:97397
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:108552
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:75501
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:7412
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:70177
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:117371
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:64283
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:104795
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:68473
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:98105
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:109216
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:75782
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:8539
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:90432
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:118301
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:64454
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:102550
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:105248
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:73405
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:5625
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:68501
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:98558
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:9283
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:91140
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:66433
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:107856
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:73576
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:95837
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:7384
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:69423
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:104087
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:10037
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:91593
    P
    Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:66714
    P
    Security update for flac (Moderate)
    2020-12-24
    google android 11.0
    debian debian linux 9.0
    fedoraproject fedora 32
    fedoraproject fedora 33
    google android -