In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.
References
Link | Resource |
---|---|
https://cpr-zero.checkpoint.com/vulns/cprid-2191/ | Exploit Third Party Advisory |
https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
19 Aug 2022, 15:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:sony:xperia_pro:-:*:*:*:*:*:*:* cpe:2.3:o:sony:xperia_1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sony:xperia_5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sony:xperia_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sony:xperia_1:-:*:*:*:*:*:*:* cpe:2.3:h:sony:xperia_5:-:*:*:*:*:*:*:* |
|
First Time |
Sony xperia Pro
Sony xperia Pro Firmware Sony xperia 1 Sony Sony xperia 1 Firmware Sony xperia 5 Sony xperia 5 Firmware |
|
CWE | CWE-120 | |
References | (MISC) https://cpr-zero.checkpoint.com/vulns/cprid-2191/ - Exploit, Third Party Advisory | |
References | (MISC) https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
17 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-17 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23747
Mitre link : CVE-2022-23747
CVE.ORG link : CVE-2022-23747
JSON object : View
Products Affected
sony
- xperia_5_firmware
- xperia_1
- xperia_pro
- xperia_1_firmware
- xperia_pro_firmware
- xperia_5
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')