{"id":"ASB-A-163413737", "published":"2020-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2020-0460", "A-163413737"], "details":"In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/KeyChain", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2020-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/KeyChain/+/ed1888ebc3888399ec5144491e43bf7d871028e5"], "severity":"High", "spl":"2020-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"221997742398354181207481934790901095770", "length":1045}, "id":"ASB-A-163413737-31f96deb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/ed1888ebc3888399ec5144491e43bf7d871028e5", "target":{"file":"src/com/android/keychain/KeyChainService.java", "function":"installCaCertificate"}}, {"deprecated":false, "digest":{"line_hashes":["44590560098687051760168766726897459091", "272424851853488853262343996302208554374", "130889324646657065622862272637386545914", "290567645436964943703096202905960930", "240482688258204559067914748869522342846", "263034695685770265284760814741924588978", "175518438383135783705918946918443988984", "320955727718221376347404492174626792990", "152261998460928508289423043269525154414", "319043089001067699808345123436641813118", "271842744685860722142879054964127496890", "321759900182794192351112284774773075301", "27853003001317916211939846333620006878", "58337750089998859649511597057431554782", "59800681080357190351118842945544364719", "339487220467953845062908945966528696842", "295414141764990312668811447617814130499", "99876064620677970989223775600999398844", "260616571612097801813334480653209132502", "72578530763724199313861424884341659829", "270787940875248736092364541702780182875", "119598650777023731799056825091187137308", "163053674754217655828756819909126409276", "159477423419947727588768358965481848253", "69023563505592321534800051618716962352", "175205717342241858386659660195215797648", "331032745837855707749837144680938930483", "229043925049216458461060767564442255720", "311663205444793950467123119264056190974", "8189326827006974136768102706812934349", "189766111840823701127500381774134708125", "320717695250080302830299965206304452888", "19699155043006281039223332758034701272", "340178411266279287843615373706448455700", "3304655070590251331394007048333712415", "60441235247035267594595986851864646366"], "threshold":0.9}, "id":"ASB-A-163413737-c8d23889", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/ed1888ebc3888399ec5144491e43bf7d871028e5", "target":{"file":"src/com/android/keychain/KeyChainService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/ed1888ebc3888399ec5144491e43bf7d871028e5"}]}