{"id":"ASB-A-158833854", "published":"2020-10-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2020-0377", "A-158833854"], "details":"In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-10-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"], "severity":"High", "spl":"2020-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"42957258101994466047224867379899158865", "length":4639}, "id":"ASB-A-158833854-1a1ec668", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_read_by_type_rsp"}}, {"deprecated":false, "digest":{"line_hashes":["128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521"], "threshold":0.9}, "id":"ASB-A-158833854-5c856825", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-10-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"], "severity":"High", "spl":"2020-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"42957258101994466047224867379899158865", "length":4639}, "id":"ASB-A-158833854-5e9454b6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_read_by_type_rsp"}}, {"deprecated":false, "digest":{"line_hashes":["128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521"], "threshold":0.9}, "id":"ASB-A-158833854-b9570689", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-10-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"], "severity":"High", "spl":"2020-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521"], "threshold":0.9}, "id":"ASB-A-158833854-6de9f13c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc"}}, {"deprecated":false, "digest":{"function_hash":"42957258101994466047224867379899158865", "length":4639}, "id":"ASB-A-158833854-d48d27c2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_read_by_type_rsp"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"], "severity":"High", "spl":"2020-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521"], "threshold":0.9}, "id":"ASB-A-158833854-31a872ba", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc"}}, {"deprecated":false, "digest":{"function_hash":"42957258101994466047224867379899158865", "length":4639}, "id":"ASB-A-158833854-a1599395", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_read_by_type_rsp"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2020-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"], "severity":"High", "spl":"2020-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"42957258101994466047224867379899158865", "length":4639}, "id":"ASB-A-158833854-14bfa661", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc", "function":"gatt_process_read_by_type_rsp"}}, {"deprecated":false, "digest":{"line_hashes":["128209036849682925507769272032220842630", "118148119298219337041890358602925579698", "100322082609158840451188941519335099218", "205891181816671458137863107350817757273", "339782928233670025478778286670126471030", "5549041135905431976777039003897884896", "231526857142627928993022467953418278079", "314515756551669587750579748008643120521"], "threshold":0.9}, "id":"ASB-A-158833854-d42fb086", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131", "target":{"file":"stack/gatt/gatt_cl.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/26a348a610ec277384c98f42acd841ae647d2131"}]}