Vulnerability

CVE-2020-0187

 Report advisory or correction

CVSS Score 5.5 medium

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-310

References

https://android.googlesource.com/platform/external/bouncycastle/+/14ceec126e49f2f4748f0d540be820515cc725a6
https://source.android.com/security/bulletin/pixel/2020-06-01
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0187

[CVE-2020-0187] CWE-310

Description

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383

See org.bouncycastle/bcprov-jdk15on package information