{"id":"ASB-A-158833854","details":"In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-158833854","CVE-2020-0377"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2020-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-10-01"}]}],"versions":["8.0"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"id":"ASB-A-158833854-1a1ec668","target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_read_by_type_rsp"},"digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"signature_type":"Line","target":{"file":"stack/gatt/gatt_cl.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","id":"ASB-A-158833854-5c856825","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"]},"signature_version":"v1"}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158833854.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-10-01"}]}],"versions":["8.1"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"vanir_signatures":[{"id":"ASB-A-158833854-5e9454b6","target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_read_by_type_rsp"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-158833854-b9570689","target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"threshold":0.9,"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"]},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","deprecated":false,"signature_version":"v1","signature_type":"Line"}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158833854.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-10-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"severity":"High","vanir_signatures":[{"id":"ASB-A-158833854-6de9f13c","target":{"file":"stack/gatt/gatt_cl.cc"},"digest":{"threshold":0.9,"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"]},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_read_by_type_rsp"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_type":"Function","deprecated":false,"id":"ASB-A-158833854-d48d27c2","digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"}}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158833854.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-10-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"vanir_signatures":[{"id":"ASB-A-158833854-31a872ba","target":{"file":"stack/gatt/gatt_cl.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","digest":{"threshold":0.9,"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-158833854-a1599395","target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_read_by_type_rsp"},"digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","deprecated":false,"signature_version":"v1","signature_type":"Function"}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158833854.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-10-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"],"vanir_signatures":[{"signature_type":"Function","target":{"file":"stack/gatt/gatt_cl.cc","function":"gatt_process_read_by_type_rsp"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","id":"ASB-A-158833854-14bfa661","deprecated":false,"digest":{"length":4639,"function_hash":"42957258101994466047224867379899158865"},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"stack/gatt/gatt_cl.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131","signature_type":"Line","deprecated":false,"id":"ASB-A-158833854-d42fb086","digest":{"threshold":0.9,"line_hashes":["128209036849682925507769272032220842630","118148119298219337041890358602925579698","100322082609158840451188941519335099218","205891181816671458137863107350817757273","339782928233670025478778286670126471030","5549041135905431976777039003897884896","231526857142627928993022467953418278079","314515756551669587750579748008643120521"]}}],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158833854.json"}}],"schema_version":"1.7.5"}