{"api_version":"1","generated_at":"2026-04-23T06:07:59+00:00","cve":"CVE-2020-0128","urls":{"html":"https://cve.report/CVE-2020-0128","api":"https://cve.report/api/cve/CVE-2020-0128.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-0128","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-0128"},"summary":{"title":"CVE-2020-0128","description":"In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919","state":"PUBLIC","assigner":"security@android.com","published_at":"2020-06-11 15:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-125","CWE-190"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2020-06-01","name":"https://source.android.com/security/bulletin/pixel/2020-06-01","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Pixel Update Bulletin—June 2020  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-0128","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0128","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"128","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"128","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-0128","qid":"610318","title":"Google Android February 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-0128","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/pixel/2020-06-01","url":"https://source.android.com/security/bulletin/pixel/2020-06-01"}]},"description":{"description_data":[{"lang":"eng","value":"In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919"}]}},"nvd":{"publishedDate":"2020-06-11 15:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-125","CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"128","Ordinal":"158193","Title":"CVE-2020-0128","CVE":"CVE-2020-0128","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"128","Ordinal":"1","NoteData":"In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919","Type":"Description","Title":null},{"CveYear":"2020","CveId":"128","Ordinal":"2","NoteData":"2020-06-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"128","Ordinal":"3","NoteData":"2020-06-11","Type":"Other","Title":"Modified"}]}}}