Описание
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00008
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 5.5
github
9 месяцев назад
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.
EPSS
Процентиль: 1%
0.00008
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-476