CVE-2026-0056
ResourceTypes.cpp Out-of-Bounds Read in Android
Publication date: 2026-06-01
Last updated on: 2026-06-03
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 | |
| android | 16.0 | |
| android | 16.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could lead to local information disclosure without requiring additional execution privileges or user interaction.
Information disclosure vulnerabilities can potentially impact compliance with standards and regulations such as GDPR and HIPAA, which mandate the protection of sensitive data.
However, specific effects on compliance depend on the nature of the disclosed information and the context of the affected system, which is not detailed in the provided information.
Can you explain this vulnerability to me?
This vulnerability occurs in the setTo function of ResourceTypes.cpp where an incorrect bounds check can cause a read out of bounds. This means the program may read memory outside the intended area.
Because of this, local information disclosure can happen without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The impact of this vulnerability is local information disclosure. An attacker with local access could potentially read sensitive information from memory that should not be accessible.
No additional execution privileges or user interaction are required to exploit this vulnerability.