CVE-2022-23747

In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cpr-zero.checkpoint.com/vulns/cprid-2191/	Exploit Third Party Advisory
https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sony:xperia_1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sony:xperia_1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sony:xperia_5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sony:xperia_5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sony:xperia_pro_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sony:xperia_pro:-:*:*:*:*:*:*:*

History

19 Aug 2022, 15:01

Type	Values Removed	Values Added
CPE		cpe:2.3:h:sony:xperia_pro:-:::::::* cpe:2.3:o:sony:xperia_1_firmware:-:::::::* cpe:2.3:o:sony:xperia_5_firmware:-:::::::* cpe:2.3:o:sony:xperia_pro_firmware:-:::::::* cpe:2.3:h:sony:xperia_1:-:::::::* cpe:2.3:h:sony:xperia_5:-:::::::*
First Time		Sony xperia Pro Sony xperia Pro Firmware Sony xperia 1 Sony Sony xperia 1 Firmware Sony xperia 5 Sony xperia 5 Firmware
CWE		CWE-120
References	~~(MISC) https://cpr-zero.checkpoint.com/vulns/cprid-2191/ -~~	(MISC) https://cpr-zero.checkpoint.com/vulns/cprid-2191/ - Exploit, Third Party Advisory
References	~~(MISC) https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/ -~~	(MISC) https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/ - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

17 Aug 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-17 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-23747

Mitre link : CVE-2022-23747

CVE.ORG link : CVE-2022-23747

JSON object : View

Products Affected

sony

xperia_5_firmware
xperia_1
xperia_pro
xperia_1_firmware
xperia_pro_firmware
xperia_5

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-23747", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-17T21:15:08.787", "references": [{"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@checkpoint.com"}, {"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@checkpoint.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "cve@checkpoint.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback."}, {"lang": "es", "value": "En las series Sony Xperia 1, 5 y Pro, puede producirse un acceso a la memoria fuera de l\u00edmites debido a una falta de comprobaci\u00f3n del n\u00famero de fotogramas que son pasados durante la reproducci\u00f3n de m\u00fasica."}], "lastModified": "2022-08-19T15:01:17.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:xperia_1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FECFF2CD-6623-4E96-AF4C-AF965B40FE0C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:xperia_1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE81F69D-48A8-4AE0-AAC6-5AEEF14BE778"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:xperia_5_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A261189-611F-4E34-BDCD-877ECEC2CD6A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:xperia_5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E93A6274-D81C-4981-A5A8-31DCEDA2F135"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:xperia_pro_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6296EF2A-BC49-4C10-8301-FD3584EF3410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:xperia_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15758D5D-06BF-4D28-8F42-39A3D4A32D34"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@checkpoint.com"}