VDB
CVE-2024-21483
CVE-2024-21483
PUBLISHED
In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319
EPSS 0.06% · 20.0th percentile
Risk Scores
EPSS Score
0.06%
20.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | Android-9 Android-10 Android-11 Android-8.1 |
Timeline
- Mar 12, 2024 CVE Published
- Mar 13, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 4, 2024 EPSS Score
- May 30, 2024 EPSS Score
- Jun 26, 2024 EPSS Score
- Jul 22, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Nov 3, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-792319.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-918992.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-653855.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-225840.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-145196.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-382651.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-832273.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-366067.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-770721.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-576771.html advisory
- https://source.android.com/security/bulletin/2021-08-01 url