VDB
CVE-2023-37935
CVE-2023-37935
PUBLISHED
In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319
EPSS 0.19% · 40.9th percentile
Risk Scores
EPSS Score
0.19%
40.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | * |
Timeline
- Oct 10, 2023 CVE Published
- Oct 11, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 16, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 18, 2024 EPSS Score
- Jul 19, 2024 EPSS Score
- Aug 20, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-792319.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-918992.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-653855.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-225840.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-145196.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-382651.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-832273.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-366067.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-770721.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-576771.html advisory
- https://source.android.com/security/bulletin/2021-08-01 url