exploitDog

CVE-2022-20483

Опубликовано: 13 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126

Ссылки

https://source.android.com/security/bulletin/2022-12-01
Vendor Advisory
https://source.android.com/security/bulletin/2022-12-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00788

Низкий

7.5 High

CVSS3

Дефекты

CWE-191

CWE-191

Связанные уязвимости

GHSA-r5m2-pqwj-6px8

CVSS3: 7.5

github

около 3 лет назад

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126

EPSS

Процентиль: 73%

0.00788

Низкий

7.5 High

CVSS3

Дефекты

CWE-191

CWE-191