CVE-2020-10135

MEDIUM

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

Details

CVSS v3: 5.4
CVSS v2: 4.8
NVD published: 2020-05-19 16:15:11
EPSS: 25.2% probability · 96.1th percentile — 2026-03-20
Affected versions: cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:br:*:*:* cpe:2.3:a:bluetooth:bluetooth_core:*:*:*:*:edr:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Summary: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
Remediation: Not available in our cache.
Exploit info: http://seclists.org/fulldisclosure/2020/Jun/5

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.