ASB-A-224771921 — Vulnetix

ASB-A-224771921 PUBLISHED CVSS 8.5 HIGH

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	packages/providers/ContactsProvider	10, 11:0, 11

Timeline

Oct 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-10-01 advisory
https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/571be94b55445553a86825d95a63afe05cfba6bd patch

Open in Interactive Console →