exploitDog

CVE-2023-20967

Опубликовано: 19 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503

Ссылки

https://source.android.com/security/bulletin/2023-04-01
Vendor Advisory
https://source.android.com/security/bulletin/2023-04-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

CWE-787

Связанные уязвимости

GHSA-2g3h-mh2w-wpjr

CVSS3: 7.8

github

почти 3 года назад

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

CWE-787