exploitDog

CVE-2023-21192

Опубликовано: 28 июн. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

Ссылки

https://source.android.com/security/bulletin/pixel/2023-06-01
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2023-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-ch2w-f7c7-mm84

CVSS3: 7.8

github

больше 2 лет назад

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-20