CVE-2020-0258

MEDIUM

Google Android - Information Disclosure

Title source: rule

Description

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956

References (2)

[Vendor Advisory] https://source.android.com/security/bulletin/2020-08-01

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158869/Android-App-Zygotes-Improper-Guarding.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-459

Status published

Products (1)

google/android 10.0

Published Aug 11, 2020

Tracked Since Feb 18, 2026