CVE-2024-20011

EPSS 3.27%
Veröffentlicht 05.02.2024 06:15:47
Zuletzt bearbeitet 21.11.2024 08:51:47
Quelle security@mediatek.com
Teams Watchlist Login
Unerledigt Login

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version11.0

   Mediatek ≫ Mt6985 Version-
   Mediatek ≫ Mt8127 Version-
   Mediatek ≫ Mt8135 Version-
   Mediatek ≫ Mt8167 Version-
   Mediatek ≫ Mt8167s Version-
   Mediatek ≫ Mt8168 Version-
   Mediatek ≫ Mt8173 Version-
   Mediatek ≫ Mt8175 Version-
   Mediatek ≫ Mt8176 Version-
   Mediatek ≫ Mt8183 Version-
   Mediatek ≫ Mt8185 Version-
   Mediatek ≫ Mt8188 Version-
   Mediatek ≫ Mt8188t Version-
   Mediatek ≫ Mt8195 Version-
   Mediatek ≫ Mt8195z Version-
   Mediatek ≫ Mt8312c Version-
   Mediatek ≫ Mt8312d Version-

Google ≫ Android Version12.0

Google ≫ Android Version13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.27%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://corp.mediatek.com/product-security-bulletin/February-2024

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20011

EUVD