CVE-2022-22271Out-of-bounds Read in Mobile Devices

CWE-125Out-of-bounds ReadCWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile DevicesGoogle Android
Timeline
PublishedJan 10
Latest updateJul 9

Description

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0), R(11.0)SMR Jan-2022 Release 1
NVDgoogle/android10.0, 11.0, 9.0+2

🔴Vulnerability Details

3
GHSA
Spring Cloud Function Framework vulnerable to Denial of Service2024-07-09
GHSA
GHSA-mjgc-6w7g-2jm9: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory2022-01-11
CVEList
CVE-2022-22271: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory2022-01-07

📋Vendor Advisories

1
Red Hat
spring-cloud-function-context: Spring Cloud Function Web DOS Vulnerability2024-07-09
CVE-2022-22271 — Out-of-bounds Read in Mobile Devices | cvebase