In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/February-2024 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Feb 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CPE | cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory | |
First Time |
Mediatek mt8173
Mediatek mt8127 Mediatek mt8312c Mediatek mt8195z Mediatek mt8167s Mediatek mt8135 Mediatek mt8168 Mediatek Mediatek mt8185 Mediatek mt8176 Mediatek mt8183 Mediatek mt6985 Mediatek mt8167 Mediatek mt8195 Google android Mediatek mt8188t Mediatek mt8175 Mediatek mt8312d Mediatek mt8188 |
05 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 06:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-20011
Mitre link : CVE-2024-20011
CVE.ORG link : CVE-2024-20011
JSON object : View
Products Affected
mediatek
- mt8183
- mt8176
- mt8135
- mt8195
- mt6985
- mt8167
- mt8168
- mt8312c
- mt8188
- mt8127
- mt8195z
- mt8188t
- mt8312d
- mt8185
- mt8167s
- mt8173
- mt8175
- android
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer