CVE-2022-20418Out-of-bounds Read in Google Android

CWE-125Out-of-bounds Read7 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 52.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks AVGoogle Android
Timeline
PublishedOct 11
Latest updateApr 13

Description

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-12 Android-12L Android-13
NVDgoogle/android12.0, 12.1, 13.0+2
Androidplatform/frameworks_av12:012:2022-10-01+2

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

5
VulDB
Google Android information disclosure (A-231986464 / EUVD-2022-25678)2026-04-13
VulDB
Google Android 12.0/13.0 AAVCAssembler.cpp pickStartSeq out-of-bounds (A-231986464 / EUVD-2022-25678)2026-04-13
GHSA
GHSA-gw8v-x559-3hvm: In pickStartSeq of AAVCAssembler2022-10-12
CVEList
CVE-2022-20418: In pickStartSeq of AAVCAssembler2022-10-11
OSV
CVE-2022-20418: In pickStartSeq of AAVCAssembler2022-10-01

📋Vendor Advisories

1
Android
CVE-2022-20418: Android Security Bulletin 2022-10-01 CVE: CVE-2022-20418 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13 References: A-2319864642022-10-01
CVE-2022-20418 — Out-of-bounds Read in Google Android | cvebase