CVE-2020-0409

HIGH

Android - Integer Overflow to Out-of-Bounds Write in FileMap.cpp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0409. PoCs published by nanopathi.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0409, a vulnerability in the Android Debug Bridge (ADB) component of Android. The exploit targets a flaw in the ADB connection handling, potentially allowing unauthorized access or command execution.

Description

In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193

Exploits (1)

nomisec WORKING POC
by nanopathi · poc
https://github.com/nanopathi/system_core_AOSP10_r33_CVE-2020-0409

This repository contains a proof-of-concept exploit for CVE-2020-0409, a vulnerability in the Android Debug Bridge (ADB) component of Android. The exploit targets a flaw in the ADB connection handling, potentially allowing unauthorized access or command execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Debug Bridge (ADB) in Android 10 (AOSP10_r33)
No auth needed
Prerequisites: Access to the target device's ADB interface · Network connectivity to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-11-01

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 15.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190 CWE-787
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Nov 10, 2020
Tracked Since Feb 18, 2026