CVE-2022-20393

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/2022-09-01	Patch Vendor Advisory
https://source.android.com/security/bulletin/2022-09-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:12.1:::::::*

History

21 Nov 2024, 06:42

Type	Values Removed	Values Added
References	~~() https://source.android.com/security/bulletin/2022-09-01 - Patch, Vendor Advisory~~	() https://source.android.com/security/bulletin/2022-09-01 - Patch, Vendor Advisory

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-190~~	CWE-191

Information

Published : 2022-09-13 20:15

Updated : 2024-11-21 06:42

NVD link : CVE-2022-20393

Mitre link : CVE-2022-20393

CVE.ORG link : CVE-2022-20393

JSON object : View

Products Affected

google

android

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

{"id": "CVE-2022-20393", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-13T20:15:09.433", "references": [{"url": "https://source.android.com/security/bulletin/2022-09-01", "tags": ["Patch", "Vendor Advisory"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2022-09-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886"}, {"lang": "es", "value": "En la funci\u00f3n extract3GPPGlobalDescriptions del archivo TextDescriptions.cpp, se presenta una posible lectura fuera de l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n local desde el servidor de medios sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-11 Android-12 Android-12L, ID de Android: A-233735886"}], "lastModified": "2024-11-21T06:42:43.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}, {"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}