exploitDog

CVE-2022-20468

Опубликовано: 13 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451

Ссылки

https://source.android.com/security/bulletin/2022-12-01
Vendor Advisory
https://source.android.com/security/bulletin/2022-12-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-jfjc-v875-ppfc

CVSS3: 6.5

github

около 3 лет назад

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451

EPSS

Процентиль: 23%

0.00075

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-125

CWE-125