CVE-2022-20483Integer Underflow (Wrap or Wraparound) in Google Android

CWE-191Integer Underflow (Wrap or Wraparound)CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Packages Modules BluetoothPlatform System BTGoogle Android
Timeline
PublishedDec 13
Latest updateApr 16

Description

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L Android-13
NVDgoogle/android5 versions+4
Androidplatform/system_bt10:010:2022-12-01+2
Androidplatform/packages_modules_bluetooth13:013:2022-12-01

🔴Vulnerability Details

4
VulDB
Google Android 10.0/11.0/12.0/13.0 AVRC Response Parser avrc_pars_ct.cc out-of-bounds (A-242459126 / EUVD-2022-25743)2026-04-16
CVEList
CVE-2022-20483: In several functions that parse avrc response in avrc_pars_ct2022-12-13
GHSA
GHSA-r5m2-pqwj-6px8: In several functions that parse avrc response in avrc_pars_ct2022-12-13
OSV
CVE-2022-20483: In several functions that parse avrc response in avrc_pars_ct2022-12-01

📋Vendor Advisories

1
Android
CVE-2022-20483: Android Security Bulletin 2022-12-01 CVE: CVE-2022-20483 Severity: HIGH Type: ID Affected AOSP versions: 10, 11, 12, 12L, 13 References: A-2424591262022-12-01
CVE-2022-20483 — Integer Underflow (Wrap or Wraparound) | cvebase