CVE-2022-25748 — Integer Overflow or Wraparound in Google Android

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedOct 19

Description

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-9xf7-4mc7-2pf2: Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames↗2022-10-19

▶

📋Vendor Advisories

Android

CVE-2022-25748: Closed-source component↗2022-10-01

▶