In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-03-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Mar 2023, 15:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-787 | |
References | (MISC) https://source.android.com/security/bulletin/2023-03-01 - Patch, Vendor Advisory | |
First Time |
Google android
|
|
CPE | cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* |
24 Mar 2023, 20:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-24 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-20954
Mitre link : CVE-2023-20954
CVE.ORG link : CVE-2023-20954
JSON object : View
Products Affected
- android
CWE
CWE-787
Out-of-bounds Write