ASB-A-224771621 — Vulnetix

ASB-A-224771621 PUBLISHED CVSS 8.5 HIGH

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	frameworks/base	14-next, 14-next, 11:0

Timeline

Oct 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-10-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253 patch

Open in Interactive Console →