CVE-2024-20011

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 5, 2024

Updated: Feb 9, 2024

CWE ID 119

Summary

CVE-2024-20011 is a newly disclosed vulnerability affecting the alac decoder. This issue arises from an incorrect bounds check, allowing for potential information disclosure. With no additional privileges required, an attacker could exploit this flaw to execute remote code. Notably, user interaction is not necessary for this exploit to be successful. The patch for this vulnerability is identified as ALPS08441146.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uZ3nAB
https://www.cve.org/CVERecord?id=CVE-2024-20011
https://nvd.nist.gov/vuln/detail/CVE-2024-20011

Back to Vulnerability Database