CVE-2022-20493 — Improper Validation of Specified Quantity in Input in Google Android

CWE-1284 — Improper Validation of Specified Quantity in Input CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Base Google Android

Timeline

PublishedJan 26

Latest updateApr 18

Description

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L Android-13

▶NVDgoogle/android5 versions+4

▶googlegoogle/android

▶Androidplatform/frameworks_base10:0 — 10:2023-01-01+4

🔴Vulnerability Details

VulDB

Google Android 10.0/11.0/12.0/13.0 Condition.java Condition improper validation of specified quantity in input (A-242846316 / EUVD-2022-25753)↗2026-04-18

▶

GHSA

GHSA-qf97-64qx-gqhq: In Condition of Condition↗2023-01-26

▶

OSV

CVE-2022-20493: In Condition of Condition↗2023-01-01

▶

📋Vendor Advisories

Android

CVE-2022-20493: Android Security Bulletin 2023-01-01 CVE: CVE-2022-20493 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L, 13 References: A-242846316↗2023-01-01

▶