CVE-2020-0463

HIGH

Android - Out-of-bounds Read in Bluetooth SDP Server

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-0463. PoCs published by nanopathi.

AI-analyzed exploit summary This repository contains the Fluoride Bluetooth stack source code, which includes the vulnerable code for CVE-2020-0463. It provides build instructions and documentation but does not include a functional exploit or PoC.

Description

In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531

Exploits (2)

gitlab WRITEUP

by nanopathi · poc

https://gitlab.com/nanopathi/system_bt_AOSP10_r33_CVE-2020-0463

View Code ZIP pw:eip

This repository contains the Fluoride Bluetooth stack source code, which includes the vulnerable code for CVE-2020-0463. It provides build instructions and documentation but does not include a functional exploit or PoC.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Android Bluetooth stack (Fluoride)

No auth needed

Prerequisites: Access to the Bluetooth stack · Build environment for Android/AOSP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 23, 2026 Full analysis →

nomisec WORKING POC

by nanopathi · poc

https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2020-0463

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-0463, a vulnerability in the Fluoride Bluetooth stack used in Android. The exploit targets the SBC (Subband Codec) decoder, specifically in the `alloc.c` file, which is part of the Bluetooth audio processing pipeline.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Android Fluoride Bluetooth Stack (AOSP 10 r33)

No auth needed

Prerequisites: Access to a vulnerable Android device with Bluetooth enabled · Ability to send maliciously crafted SBC audio data

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2020-12-01

Scores

CVSS v3 7.5

EPSS 0.0140

EPSS Percentile 68.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (5)

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

google/android 11.0

Published Dec 14, 2020

Tracked Since Feb 18, 2026