CVE-2022-20472 — Out-of-bounds Read in Google Android

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

4.5%

top 10.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Minikin Google Android

Timeline

PublishedDec 13

Latest updateMar 14

Description

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L Android-13

▶NVDgoogle/android5 versions+4

▶googlegoogle/android

▶Androidplatform/frameworks_minikin10:0 — 10:2022-12-01+4

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-42v3-m5qw-hx2j: In toLanguageTag of LocaleListCache↗2022-12-13

▶

OSV

CVE-2022-20472: In toLanguageTag of LocaleListCache↗2022-12-01

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC↗2024-03-14

▶

Android

CVE-2022-20472: Android Security Bulletin 2022-12-01 CVE: CVE-2022-20472 Severity: CRITICAL Type: RCE Affected AOSP versions: 10, 11, 12, 12L, 13 References: A-239210↗2022-12-01

▶