Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mate_30_pro_5g_firmware by huawei

    CVE-2020-0022 (GCVE-0-2020-0022)

    Vulnerability from nvd – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
    VLAI
    Summary
    In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    • CWE-682 - Incorrect Calculation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android-8.0 Android-8.1 Android-9 Android-10
    google android Affected: 8.0
        cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 9.0
        cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 10.0
        cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 8.1
        cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0022",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-28T13:54:56.691635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-28T14:00:17.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-02-01"
              },
              {
                "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android-8.0 Android-8.1 Android-9 Android-10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-13T13:06:27.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-02-01"
            },
            {
              "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-02-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-02-01"
                },
                {
                  "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0022",
        "datePublished": "2020-02-13T14:21:41.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:47:40.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0022 (GCVE-0-2020-0022)

    Vulnerability from cvelistv5 – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
    VLAI
    Summary
    In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    • CWE-682 - Incorrect Calculation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android-8.0 Android-8.1 Android-9 Android-10
    google android Affected: 8.0
        cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 9.0
        cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 10.0
        cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 8.1
        cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0022",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-28T13:54:56.691635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-28T14:00:17.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-02-01"
              },
              {
                "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android-8.0 Android-8.1 Android-9 Android-10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-13T13:06:27.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-02-01"
            },
            {
              "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-02-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-02-01"
                },
                {
                  "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0022",
        "datePublished": "2020-02-13T14:21:41.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:47:40.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }