CVE-2020-0006 | Date: (C)2020-01-09 (M)2023-12-22 |
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 6.5 | CVSS Score : 4.3 |
Exploit Score: 2.8 | Exploit Score: 8.6 |
Impact Score: 3.6 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: REQUIRED | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: NONE |
Confidentiality: HIGH | Availability: NONE |
Integrity: NONE | |
Availability: NONE | |
| |