CVE-2021-39623 — Out-of-bounds Write in Google Android

CWE-787 — Out-of-bounds Write CWE-269 — Improper Privilege Management5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.5%

top 14.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks AV Google Android

Timeline

PublishedJan 14

Latest updateJan 15

Description

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-9

▶NVDgoogle/android4 versions+3

▶Androidplatform/frameworks_av9:0 — 9:2022-01-01+3

🔴Vulnerability Details

GHSA

GHSA-j7c5-g427-27ch: In doRead of SimpleDecodingSource↗2022-01-15

▶

CVEList

CVE-2021-39623: In doRead of SimpleDecodingSource↗2022-01-14

▶

OSV

CVE-2021-39623: In doRead of SimpleDecodingSource↗2022-01-01

▶

📋Vendor Advisories

Android

CVE-2021-39623: Android Security Bulletin 2022-01-01 CVE: CVE-2021-39623 Severity: HIGH Type: EoP Affected AOSP versions: 9, 10, 11, 12 References: A-194105348↗2022-01-01

▶