exploitDog

CVE-2023-21138

Опубликовано: 15 июн. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090

Ссылки

https://source.android.com/security/bulletin/2023-06-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2023-06-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00009

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-276

Связанные уязвимости

GHSA-944w-cmcw-jwwf

CVSS3: 7.8

github

больше 2 лет назад

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090

EPSS

Процентиль: 1%

0.00009

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-276