{"id":"ASB-A-158778659","details":"In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-158778659","CVE-2020-0413"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2020-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-10-01"}]}],"versions":["8.0"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"target":{"function":"gatt_process_read_by_type_rsp","file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-1a1ec668","signature_type":"Function","deprecated":false},{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"],"threshold":0.9},"target":{"file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-5c856825","signature_type":"Line","deprecated":false}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158778659.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-10-01"}]}],"versions":["8.1"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"target":{"function":"gatt_process_read_by_type_rsp","file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-5e9454b6","deprecated":false,"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"],"threshold":0.9},"id":"ASB-A-158778659-b9570689","deprecated":false,"signature_type":"Line"}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158778659.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-10-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"],"threshold":0.9},"target":{"file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-6de9f13c","signature_type":"Line","deprecated":false},{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"target":{"function":"gatt_process_read_by_type_rsp","file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-d48d27c2","signature_type":"Function","deprecated":false}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158778659.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-10-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"],"threshold":0.9},"target":{"file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-31a872ba","signature_type":"Line","deprecated":false},{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"target":{"function":"gatt_process_read_by_type_rsp","file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-158778659-a1599395","signature_type":"Function","deprecated":false}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158778659.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-10-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","target":{"function":"gatt_process_read_by_type_rsp","file":"stack/gatt/gatt_cl.cc"},"digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"id":"ASB-A-158778659-14bfa661","deprecated":false,"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_version":"v1","target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"],"threshold":0.9},"id":"ASB-A-158778659-d42fb086","deprecated":false,"signature_type":"Line"}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158778659.json"}}],"schema_version":"1.7.5"}