CVE-2020-11828

EPSS 0.32%
Veröffentlicht 21.04.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 04:58:42
Quelle security@oppo.com
CVE-Watchlists
Login
Unerledigt
Login

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oppo ≫ Coloros Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.516

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11828

EUVD