CVE-2020-0022

Description from NVD

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715

Information Acquisition Date:2021-04-27T10:39Z

CVSS 2.0: 8.3 HIGH CVSS 3.x: 8.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:A/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://source.android.com/security/bulletin/2020-02-01
source:MISC
tags:Patch Vendor Advisory

20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag
source:FULLDISC
tags:Exploit Mailing List Third Party Advisory

http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html
source:MISC
tags:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en
source:CONFIRM
tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Android(2 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE	1659
http://newsbythehour.org/cybr	34
http://canyoupwn.me	14
https://www.vmware.com/security/advisories/VMSA-2020-0022.html	6
https://twitter.com/search?src=sprv&q=CVE-2020-0022	5
https://news.ycombinator.com/item?id=22971863	5
https://srcincite.io/advisories/src-2020-0022/	4
http://twinybots.ch	4
http://tweetedtimes.com/Pentest101MX?s=tnp	4
https://bit.ly/2xWrkdA	3
https://ift.tt/2x4DHny	3
https://insinuator.net/2020/02/critical-bluetooth-vulnerabi...	3

Information from Twitter

User	URL	Info Source	Date
omvapt	https://vapt.me/BlueFrag	Source omvapt 1635501210932326400	2023/03/14
cybersecmood	https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0...	Source cybersecmood 1635778897907273728	2023/03/15

List of frequently cited URLs

URL	Num of Times Referred to
vulmon.com	1659
newsbythehour.org	34
canyoupwn.me	14
www.vmware.com	6
twitter.com	5
news.ycombinator.com	5
srcincite.io	4
twinybots.ch	4
tweetedtimes.com	4
bit.ly	3
ift.tt	3
insinuator.net	3

Information from Twitter

User	URL	Info Source
omvapt	vapt.me	Show Tweet
cybersecmood	insinuator.net	Show Tweet

GitHub Search Results: Up to 10

Name	URL
No Data

GitHub Search Results: Up to 10

Name	URL
No Data

2023/03/15 Score : 1
Added Har-sia Database : 2020/02/07
Last Modified : 2023/03/15
Highest Scored Date : 2020/04/23
Highest Score : 73