exploitDog

CVE-2022-20473

Опубликовано: 13 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173

Ссылки

https://source.android.com/security/bulletin/2022-12-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2022-12-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.50881

Средний

9.8 Critical

CVSS3

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-6m2w-gr82-x4xq

CVSS3: 9.8

github

около 3 лет назад

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173

EPSS

Процентиль: 98%

0.50881

Средний

9.8 Critical

CVSS3

Дефекты

CWE-125

CWE-125