CVE-2022-20338

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-20338
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://source.android.com/security/bulletin/2023-05-01
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
History

15 May 2023, 22:15

Type Values Removed Values Added
References
  • {'url': 'https://source.android.com/security/bulletin/android-13', 'name': 'https://source.android.com/security/bulletin/android-13', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • (MISC) https://source.android.com/security/bulletin/2023-05-01 -
Summary In Core Utilities, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171966843 In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843

16 Aug 2022, 10:59

Type Values Removed Values Added
CWE CWE-20
First Time Google android
Google
References (MISC) https://source.android.com/security/bulletin/android-13 - (MISC) https://source.android.com/security/bulletin/android-13 - Vendor Advisory
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 3.3

12 Aug 2022, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-12 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-20338

Mitre link : CVE-2022-20338

CVE.ORG link : CVE-2022-20338

JSON object : View

Products Affected

google

  • android
CWE
CWE-20

Improper Input Validation