In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/February-2024 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Feb 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:* |
|
First Time |
Mediatek mt8167
Mediatek mt8176 Mediatek mt8175 Mediatek mt8167s Mediatek mt8185 Mediatek mt8135 Mediatek mt8312c Mediatek mt8195 Mediatek mt8173 Google android Mediatek mt8188 Mediatek mt8195z Mediatek mt8127 Mediatek Mediatek mt8168 Mediatek mt8312d Mediatek mt8188t Mediatek mt6985 Mediatek mt8183 |
|
CWE | CWE-119 |
05 Feb 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 06:15
Updated : 2024-02-09 02:06
NVD link : CVE-2024-20011
Mitre link : CVE-2024-20011
CVE.ORG link : CVE-2024-20011
JSON object : View
Products Affected
mediatek
- mt8175
- mt8183
- mt8168
- mt8167
- mt8195z
- mt8167s
- mt8312c
- mt8173
- mt8195
- mt8185
- mt8312d
- mt8188t
- mt8127
- mt6985
- mt8188
- mt8135
- mt8176
- android
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer