CVE-2020-0421

HIGH

Android 8.0-11 - Local Privilege Escalation via String8.cpp Error Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0421. PoCs published by nanopathi.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0421, a vulnerability in the Android Debug Bridge (ADB) component of Android. The exploit targets a flaw in the ADB protocol handling, specifically in the connection banner parsing and packet processing logic.

Description

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517

Exploits (1)

nomisec WORKING POC
by nanopathi · poc
https://github.com/nanopathi/system_core_AOSP10_r33_CVE-2020-0421

This repository contains a proof-of-concept exploit for CVE-2020-0421, a vulnerability in the Android Debug Bridge (ADB) component of Android. The exploit targets a flaw in the ADB protocol handling, specifically in the connection banner parsing and packet processing logic.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Debug Bridge (ADB) in Android versions up to AOSP 10 r33
No auth needed
Prerequisites: Access to the target device's ADB interface · Network connectivity to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-10-01

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 16.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-755 CWE-787
Status published
Products (5)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
google/android 11.0
Published Oct 14, 2020
Tracked Since Feb 18, 2026