{"id":"ASB-A-161894517","details":"In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-161894517","CVE-2020-0421"],"modified":"2026-04-17T15:55:28.020024Z","published":"2020-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"affected":[{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-10-01"}]}],"versions":["8.0"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"],"vanir_signatures":[{"target":{"file":"libutils/String8.cpp"},"signature_type":"Line","id":"ASB-A-161894517-25c794ef","digest":{"threshold":0.9,"line_hashes":["179724582368432587449024339023966956690","125373090127878909928384078389237341639","215776864378662469997514373978846441973","221157752089847403538202464558933860083","184377021692256145058180548104623777372"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"},{"target":{"file":"libutils/String8.cpp","function":"String8::appendFormatV"},"signature_type":"Function","id":"ASB-A-161894517-261e69eb","digest":{"length":392,"function_hash":"99346198394436472594005213147588571161"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"types":["EoP"],"spl":"2020-10-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161894517.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-10-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"],"vanir_signatures":[{"target":{"file":"libutils/String8.cpp"},"signature_type":"Line","id":"ASB-A-161894517-1caba8b0","digest":{"threshold":0.9,"line_hashes":["179724582368432587449024339023966956690","125373090127878909928384078389237341639","215776864378662469997514373978846441973","221157752089847403538202464558933860083","184377021692256145058180548104623777372"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"},{"target":{"file":"libutils/String8.cpp","function":"String8::appendFormatV"},"signature_type":"Function","id":"ASB-A-161894517-3e329e8d","digest":{"length":392,"function_hash":"99346198394436472594005213147588571161"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"types":["EoP"],"spl":"2020-10-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161894517.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-10-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"],"vanir_signatures":[{"target":{"file":"libutils/String8.cpp"},"signature_type":"Line","id":"ASB-A-161894517-7d10a44a","digest":{"threshold":0.9,"line_hashes":["179724582368432587449024339023966956690","125373090127878909928384078389237341639","215776864378662469997514373978846441973","221157752089847403538202464558933860083","184377021692256145058180548104623777372"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"},{"target":{"file":"libutils/String8.cpp","function":"String8::appendFormatV"},"signature_type":"Function","id":"ASB-A-161894517-e3f1253c","digest":{"length":392,"function_hash":"99346198394436472594005213147588571161"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"types":["EoP"],"spl":"2020-10-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161894517.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-10-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"],"vanir_signatures":[{"target":{"file":"libutils/String8.cpp"},"signature_type":"Line","id":"ASB-A-161894517-1459d120","digest":{"threshold":0.9,"line_hashes":["179724582368432587449024339023966956690","125373090127878909928384078389237341639","215776864378662469997514373978846441973","221157752089847403538202464558933860083","184377021692256145058180548104623777372"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"},{"target":{"file":"libutils/String8.cpp","function":"String8::appendFormatV"},"signature_type":"Function","id":"ASB-A-161894517-3e4a6850","digest":{"length":392,"function_hash":"99346198394436472594005213147588571161"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"types":["EoP"],"spl":"2020-10-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161894517.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-10-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"],"vanir_signatures":[{"target":{"file":"libutils/String8.cpp"},"signature_type":"Line","id":"ASB-A-161894517-0b0b98a4","digest":{"threshold":0.9,"line_hashes":["179724582368432587449024339023966956690","125373090127878909928384078389237341639","215776864378662469997514373978846441973","221157752089847403538202464558933860083","184377021692256145058180548104623777372"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"},{"target":{"file":"libutils/String8.cpp","function":"String8::appendFormatV"},"signature_type":"Function","id":"ASB-A-161894517-178da2c0","digest":{"length":392,"function_hash":"99346198394436472594005213147588571161"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/core/+/bad50ed24f9d48d001fcedd332d59f162dc3432d"}],"types":["EoP"],"spl":"2020-10-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161894517.json"}}],"schema_version":"1.7.5"}