{"api_version":"1","generated_at":"2026-04-23T09:37:54+00:00","cve":"CVE-2020-0034","urls":{"html":"https://cve.report/CVE-2020-0034","api":"https://cve.report/api/cve/CVE-2020-0034.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-0034","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-0034"},"summary":{"title":"CVE-2020-0034","description":"In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770","state":"PUBLIC","assigner":"security@android.com","published_at":"2020-03-10 20:15:00","updated_at":"2021-11-29 17:26:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html","name":"[debian-lts-announce] 20211127 [SECURITY] [DLA 2829-1] libvpx security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2829-1] libvpx security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://source.android.com/security/bulletin/2020-03-01","name":"https://source.android.com/security/bulletin/2020-03-01","refsource":"MISC","tags":["Vendor Advisory"],"title":"Android Security Bulletin—March 2020  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html","name":"openSUSE-SU-2020:0680","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0680-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-0034","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0034","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-0034","qid":"178912","title":"Debian Security Update for libvpx (DLA 2829-1)"},{"cve":"CVE-2020-0034","qid":"377252","title":"Alibaba Cloud Linux Security Update for libvpx (ALINUX2-SA-2020:0127)"},{"cve":"CVE-2020-0034","qid":"501070","title":"Alpine Linux Security Update for libvpx"},{"cve":"CVE-2020-0034","qid":"751550","title":"SUSE Enterprise Linux Security Update for libvpx (SUSE-SU-2021:4168-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-0034","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-8.0 Android-8.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2020-03-01","url":"https://source.android.com/security/bulletin/2020-03-01"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0680","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211127 [SECURITY] [DLA 2829-1] libvpx security update","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00024.html"}]},"description":{"description_data":[{"lang":"eng","value":"In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770"}]}},"nvd":{"publishedDate":"2020-03-10 20:15:00","lastModifiedDate":"2021-11-29 17:26:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"34","Ordinal":"158099","Title":"CVE-2020-0034","CVE":"CVE-2020-0034","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"34","Ordinal":"1","NoteData":"In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770","Type":"Description","Title":null},{"CveYear":"2020","CveId":"34","Ordinal":"2","NoteData":"2020-03-10","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"34","Ordinal":"3","NoteData":"2021-11-27","Type":"Other","Title":"Modified"}]}}}