CVE-2020-0006
MEDIUMAndroid 8.0-10 - Information Disclosure via Uninitialized Heap Memory in rw_i93_send_cmd_write_single_block
Title source: llmDescription
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2020-01-01
Scores
CVSS v3
6.5
EPSS
0.0077
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-908
Status
published
Products (4)
google/android
8.0
google/android
8.1
google/android
9.0
google/android
10.0
Published
Jan 08, 2020
Tracked Since
Feb 18, 2026