CVE-2020-0351

In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 7.1 HIGH

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://source.android.com/security/bulletin/android-11	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

Information

Published : 2020-09-17 14:15

Updated : 2020-09-21 13:31

NVD link : CVE-2020-0351

Mitre link : CVE-2020-0351

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

google

android

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-0351

6.5^/10

7.1^/10

Attach tags to `CVE-2020-0351`