9.8
CVE-2024-20011
- EPSS 3.27%
- Published 05.02.2024 06:15:47
- Last modified 21.11.2024 08:51:47
- Source security@mediatek.com
- Teams watchlist Login
- Open Login
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Data is provided by the National Vulnerability Database (NVD)
Google ≫ Android Version11.0
Mediatek ≫ Mt6985 Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Google ≫ Android Version12.0
Mediatek ≫ Mt6985 Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Google ≫ Android Version13.0
Mediatek ≫ Mt6985 Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Mediatek ≫ Mt8127 Version-
Mediatek ≫ Mt8135 Version-
Mediatek ≫ Mt8167 Version-
Mediatek ≫ Mt8167s Version-
Mediatek ≫ Mt8168 Version-
Mediatek ≫ Mt8173 Version-
Mediatek ≫ Mt8175 Version-
Mediatek ≫ Mt8176 Version-
Mediatek ≫ Mt8183 Version-
Mediatek ≫ Mt8185 Version-
Mediatek ≫ Mt8188 Version-
Mediatek ≫ Mt8188t Version-
Mediatek ≫ Mt8195 Version-
Mediatek ≫ Mt8195z Version-
Mediatek ≫ Mt8312c Version-
Mediatek ≫ Mt8312d Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.27% | 0.867 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.