{"id":"ASB-A-156999009","details":"In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-156999009","CVE-2020-0408"],"modified":"2026-04-21T15:25:42.831358Z","published":"2020-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f"}],"affected":[{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-10-01"}]}],"versions":["8.0"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"function":"String16::remove","file":"libutils/String16.cpp"},"id":"ASB-A-156999009-01764bae","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"length":847,"function_hash":"184085788428032374942296596925349289888"}},{"deprecated":false,"target":{"file":"libutils/String16.cpp"},"id":"ASB-A-156999009-0a557f30","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"line_hashes":["179546413127064365643011946036906652692","257832645593952933450202912198536893683","250009160809032549125122468052911774658","284266840896283069831890305688739591710"],"threshold":0.9}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f"],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156999009.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-10-01"}]}],"versions":["8.1"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"function":"String16::remove","file":"libutils/String16.cpp"},"id":"ASB-A-156999009-13fe1bc2","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"length":847,"function_hash":"184085788428032374942296596925349289888"}},{"deprecated":false,"target":{"file":"libutils/String16.cpp"},"id":"ASB-A-156999009-4073db62","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"line_hashes":["179546413127064365643011946036906652692","257832645593952933450202912198536893683","250009160809032549125122468052911774658","284266840896283069831890305688739591710"],"threshold":0.9}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f"],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156999009.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-10-01"}]}],"versions":["9"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"file":"libutils/String16.cpp"},"id":"ASB-A-156999009-41eb9125","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"line_hashes":["179546413127064365643011946036906652692","257832645593952933450202912198536893683","250009160809032549125122468052911774658","284266840896283069831890305688739591710"],"threshold":0.9}},{"deprecated":false,"target":{"function":"String16::remove","file":"libutils/String16.cpp"},"id":"ASB-A-156999009-b4efd6d0","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"length":847,"function_hash":"184085788428032374942296596925349289888"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f"],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156999009.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-10-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"function":"String16::remove","file":"libutils/String16.cpp"},"id":"ASB-A-156999009-38d992bc","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"length":847,"function_hash":"184085788428032374942296596925349289888"}},{"deprecated":false,"target":{"file":"libutils/String16.cpp"},"id":"ASB-A-156999009-8281d374","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f","digest":{"line_hashes":["179546413127064365643011946036906652692","257832645593952933450202912198536893683","250009160809032549125122468052911774658","284266840896283069831890305688739591710"],"threshold":0.9}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/core/+/4048e49956a2dfd49af3adf0f78881bf15f3550f"],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156999009.json"}}],"schema_version":"1.7.5"}