CVE-2024-20011

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*

History

09 Feb 2024, 02:06

Type Values Removed Values Added
CWE CWE-119
CPE cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://corp.mediatek.com/product-security-bulletin/February-2024 - () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory
First Time Mediatek mt8173
Mediatek mt8127
Mediatek mt8312c
Mediatek mt8195z
Mediatek mt8167s
Mediatek mt8135
Mediatek mt8168
Mediatek
Google
Mediatek mt8185
Mediatek mt8176
Mediatek mt8183
Mediatek mt6985
Mediatek mt8167
Mediatek mt8195
Google android
Mediatek mt8188t
Mediatek mt8175
Mediatek mt8312d
Mediatek mt8188

05 Feb 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-05 06:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-20011

Mitre link : CVE-2024-20011

CVE.ORG link : CVE-2024-20011


JSON object : View

Products Affected

mediatek

  • mt8183
  • mt8176
  • mt8135
  • mt8195
  • mt6985
  • mt8167
  • mt8168
  • mt8312c
  • mt8188
  • mt8127
  • mt8195z
  • mt8188t
  • mt8312d
  • mt8185
  • mt8167s
  • mt8173
  • mt8175

google

  • android
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer