CVE-2024-20011

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory

09 Feb 2024, 02:06

Type Values Removed Values Added
CWE CWE-119
CPE cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/February-2024 - () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory
First Time Mediatek mt8173
Mediatek mt8127
Mediatek mt8312c
Mediatek mt8195z
Mediatek mt8167s
Mediatek mt8135
Mediatek mt8168
Mediatek
Google
Mediatek mt8185
Mediatek mt8176
Mediatek mt8183
Mediatek mt6985
Mediatek mt8167
Mediatek mt8195
Google android
Mediatek mt8188t
Mediatek mt8175
Mediatek mt8312d
Mediatek mt8188
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

05 Feb 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-05 06:15

Updated : 2024-11-21 08:51


NVD link : CVE-2024-20011

Mitre link : CVE-2024-20011

CVE.ORG link : CVE-2024-20011


JSON object : View

Products Affected

mediatek

  • mt8188t
  • mt8195z
  • mt8312d
  • mt8127
  • mt8185
  • mt8183
  • mt8135
  • mt8188
  • mt8312c
  • mt8173
  • mt8167s
  • mt8168
  • mt8175
  • mt8195
  • mt8167
  • mt8176
  • mt6985

google

  • android
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer