How severe is CVE-2020-11828?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-11828?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2020-11828 - HIGH Severity | CVSS 7.5

Vulnerability Description

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Related Vulnerabilities

CVE-2008-0063

HIGH

CVSS:7.5(High)

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitiv...

CWE-9082008

CVE-2008-3688

HIGH

CVSS:7.5(High)

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an un...

CWE-9082008

CVE-2009-0949

HIGH

CVSS:7.5(High)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointe...

CWE-9082009

CVE-2017-9098

HIGH

CVSS:7.5(High)

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated b...

CWE-9082017

CVE-2018-25023

HIGH

CVSS:7.5(High)

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CWE-9082018

CVE-2018-9381

HIGH

CVSS:7.5(High)

In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution priv...

CWE-9082018