VDB

CVE-2022-20393

CVE-2022-20393 PUBLISHED CVSS 5.5 MEDIUM

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
4.7th percentile

Affected Products

VendorProductVersions
n/aAndroidAndroid-11 Android-12 Android-12L
googleandroid11.0, 12.0, 12.1

Exploit Intelligence

Timeline

  • Sep 7, 2022 CVE Published
  • Sep 14, 2022 EPSS Score
  • Sep 17, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 13, 2022 EPSS Score
  • Jan 27, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 13, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jul 26, 2023 EPSS Score
  • Sep 9, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›