CVE-2022-20473
Published 2022-12-13
Priority P261 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.85% (94.6th percentile)
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-10 Android-11 Android-12 Android-12L Android-13
Android ID: A-239267173
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_minikin | >= 10:0 < 10:2022-12-01 | 10:2022-12-01 |
| platform | frameworks_minikin | >= 11:0 < 11:2022-12-01 | 11:2022-12-01 |
| platform | frameworks_minikin | >= 12:0 < 12:2022-12-01 | 12:2022-12-01 |
| platform | frameworks_minikin | >= 12L:0 < 12L:2022-12-01 | 12L:2022-12-01 |
| platform | frameworks_minikin | >= 13:0 < 13:2022-12-01 | 13:2022-12-01 |
Detection & IOCs
- Vulnerability is in the `toLanguageTag` function of `LocaleListCache.cpp` — monitor for crashes or anomalous behavior in locale-handling code paths on Android 10–13
- No user interaction required and no additional privileges needed — exploitation can be fully remote and silent; prioritize detection of unexpected remote code execution on unpatched Android 10/11/12/12L/13 devices
- Track Android Security Bulletin 2022-12-01 patch level on managed devices; devices reporting a security patch level earlier than 2022-12-01 remain vulnerable to this Critical RCE
- No public proof-of-concept exploit, specific payload, or network indicators were disclosed in the available sources; concrete IOCs (hashes, IPs, domains, signatures) cannot be extracted from the provided documentation
- The Android bug tracker reference (A-239267173) is the only cross-reference identifier available; additional technical details are gated behind Google's internal tracker and not publicly accessible
GHSA
GHSA-6m2w-gr82-x4xq: In toLanguageTag of LocaleListCache
ghsa_unreviewed·2022-12-13
CVE-2022-20473 [CRITICAL] CWE-125 GHSA-6m2w-gr82-x4xq: In toLanguageTag of LocaleListCache
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-10 Android-11 Android-12 Android-12L Android-13
Android ID: A-239267173
OSV
CVE-2022-20473: In toLanguageTag of LocaleListCache
osv·2022-12-01
CVE-2022-20473: In toLanguageTag of LocaleListCache
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CISA ICS
Siemens SIMATIC
cisa_ics·2024-03-14
ICS Advisory
Release Date: March 14, 2024
Alert Code: ICSA-24-074-07
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Beha
Android
CVE-2022-20473: Android Security Bulletin 2022-12-01
CVE: CVE-2022-20473
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 10, 11, 12, 12L, 13
References: A-239267
vendor_android·2022-12-01·CVSS 9.8
Android Security Bulletin 2022-12-01
CVE: CVE-2022-20473
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 10, 11, 12, 12L, 13
References: A-239267173
No detection rules found.
No public exploits indexed.
Published: 2022-12-13