{"id":"ASB-A-161362564","details":"In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-161362564","CVE-2020-0424"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/a9e6f1dffd84ca758721d9cacd08acb49af0a331"}],"affected":[{"package":{"name":"platform/packages/modules/DnsResolver","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"DNSResponder::makeResponse","file":"tests/dns_responder/dns_responder.cpp"},"id":"ASB-A-161362564-1f62e3f6","signature_version":"v1","deprecated":false,"digest":{"function_hash":"35539502111325755122583892640429564220","length":924},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Function","target":{"function":"DNSHeader::write","file":"tests/dns_responder/dns_responder.cpp"},"id":"ASB-A-161362564-26f8dfea","signature_version":"v1","deprecated":false,"digest":{"function_hash":"50916082365849672789076504343428662564","length":232},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Function","target":{"function":"DNSRecord::toString","file":"tests/dns_responder/dns_responder.cpp"},"id":"ASB-A-161362564-38461e1c","signature_version":"v1","deprecated":false,"digest":{"function_hash":"325040015019392882349216064698903649657","length":224},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Line","target":{"file":"resolv_unit_test.cpp"},"id":"ASB-A-161362564-52857790","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["19756783086956684939464659653102880438","214656398470166395329039798452271724855","274751325116650072209976799435780589298","167388921186497990951347616861137744971","314795470702522144478260980722654769921","119227480009440006782918308909974885162","37196084167207773175407619960305818969","12704256509948936188603276781284078475","51234341079629310342239999201266407578"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-67a7b536","target":{"file":"res_send.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["142723077593396276012672272027982628999","92143609247427214686239157749682395901","126802036219927382060963197075114743988","290070559627312500572116379896075330011","194566245163411723997410734521664604283","263736953840447124277505059261505231321","63943215951144050748809969911439280451","130107557102582169396650189605609244043"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-7c65fd90","target":{"file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["263625284088241163314098115131266134077","299915883986698326109224867548386455951","251312207096666937109133304613388166782","238074952560735563201118440376118731100","252601273707750423031494477996971189071","287819134503134567626415154978180388603","102538777449873772695991670935344787962","198869978076792170991500534162856720183","206318924502649792718994958689036107880","249332685859500533777568806818787824436","295018980358402084732345287198605703256","138410934917367099096807154716970024861","9013794960335182145933115268529203611","74325093781113951249297646497496540738","197043263226415807210935104582421041306","149497507326108708030571648188552443800","175332889266629744209431190811420468721","92559037487774276146700234684393547840","288587117179188015656690575905629138768","48039735758259285762908423955466416146","98078324473702097469785485929797241605","331718877125383386278057538765233613432","96260180906215686832630307372501509556","158190844951187984225430414404463700406"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-bb1d98f8","target":{"function":"DNSQuestion::toString","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"67678898904299609321920856213437602095","length":227},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-ce1d9c2d","target":{"function":"send_vc","file":"res_send.cpp"},"deprecated":false,"digest":{"function_hash":"187441872549794670462919906892566780987","length":4468},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-ef3a7382","target":{"function":"DNSResponder::handleQuery","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"116951451660065994402049747825323609413","length":2686},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"}],"spl":"2020-11-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/DnsResolver/+/cf6ee247113426ef4e7365a86d00bb5430186802"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161362564.json"}},{"package":{"name":"platform/bionic","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-11-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-29505bee","target":{"file":"libc/dns/resolv/res_send.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["142723077593396276012672272027982628999","92143609247427214686239157749682395901","126802036219927382060963197075114743988","75756922903077522798670206440624861463","197150037671742754570801066009693100319","140955806545385971315722335143108687325","256783501389096161798749163664437422023","109129369475202876932278717366227933960"]},"source":"https://android.googlesource.com/platform/bionic/+/43264bc36557db9a281b321aab16e574401dfddc"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-42cfcea1","target":{"function":"send_vc","file":"libc/dns/resolv/res_send.c"},"deprecated":false,"digest":{"function_hash":"123310323820963798620423236766087222794","length":4462},"source":"https://android.googlesource.com/platform/bionic/+/43264bc36557db9a281b321aab16e574401dfddc"}],"spl":"2020-11-01","severity":"High","fixes":["https://android.googlesource.com/platform/bionic/+/43264bc36557db9a281b321aab16e574401dfddc"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161362564.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-60d42965","target":{"function":"send_vc","file":"resolv/res_send.cpp"},"deprecated":false,"digest":{"function_hash":"221494312084333970574832682945320117663","length":4128},"source":"https://android.googlesource.com/platform/system/netd/+/11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-ce0bee2e","target":{"file":"resolv/res_send.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["142723077593396276012672272027982628999","92143609247427214686239157749682395901","126802036219927382060963197075114743988","290070559627312500572116379896075330011","194566245163411723997410734521664604283","263736953840447124277505059261505231321","63943215951144050748809969911439280451","130107557102582169396650189605609244043"]},"source":"https://android.googlesource.com/platform/system/netd/+/11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb"}],"spl":"2020-11-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/netd/+/11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161362564.json"}},{"package":{"name":"platform/packages/modules/DnsResolver","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-11-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-004ce43f","target":{"function":"DNSHeader::write","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"50916082365849672789076504343428662564","length":232},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-1e93f510","target":{"function":"DNSRecord::toString","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"325040015019392882349216064698903649657","length":224},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-3e62af8e","target":{"function":"DNSResponder::makeResponse","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"35539502111325755122583892640429564220","length":924},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-581da72a","target":{"function":"DNSQuestion::toString","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"67678898904299609321920856213437602095","length":227},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-6805e5ca","target":{"file":"res_send.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["142723077593396276012672272027982628999","92143609247427214686239157749682395901","126802036219927382060963197075114743988","290070559627312500572116379896075330011","194566245163411723997410734521664604283","263736953840447124277505059261505231321","63943215951144050748809969911439280451","130107557102582169396650189605609244043"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Function","target":{"function":"send_vc","file":"res_send.cpp"},"id":"ASB-A-161362564-bff2e9b9","signature_version":"v1","deprecated":false,"digest":{"function_hash":"187441872549794670462919906892566780987","length":4468},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-cdb7a622","target":{"file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["263625284088241163314098115131266134077","299915883986698326109224867548386455951","251312207096666937109133304613388166782","238074952560735563201118440376118731100","252601273707750423031494477996971189071","287819134503134567626415154978180388603","102538777449873772695991670935344787962","198869978076792170991500534162856720183","206318924502649792718994958689036107880","249332685859500533777568806818787824436","295018980358402084732345287198605703256","138410934917367099096807154716970024861","9013794960335182145933115268529203611","74325093781113951249297646497496540738","197043263226415807210935104582421041306","149497507326108708030571648188552443800","175332889266629744209431190811420468721","92559037487774276146700234684393547840","288587117179188015656690575905629138768","48039735758259285762908423955466416146","98078324473702097469785485929797241605","331718877125383386278057538765233613432","96260180906215686832630307372501509556","158190844951187984225430414404463700406"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-161362564-d1d2f153","target":{"file":"resolv_unit_test.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["19756783086956684939464659653102880438","214656398470166395329039798452271724855","274751325116650072209976799435780589298","167388921186497990951347616861137744971","314795470702522144478260980722654769921","119227480009440006782918308909974885162","37196084167207773175407619960305818969","12704256509948936188603276781284078475","51234341079629310342239999201266407578"]},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-161362564-e0d0f820","target":{"function":"DNSResponder::handleQuery","file":"tests/dns_responder/dns_responder.cpp"},"deprecated":false,"digest":{"function_hash":"116951451660065994402049747825323609413","length":2686},"source":"https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"}],"spl":"2020-11-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/DnsResolver/+/5214c6bebaadfe307579ee930fc650235b157192"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161362564.json"}}],"schema_version":"1.7.5"}