CVE-2022-42544Injection in Google Android

CWE-74InjectionCWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Packages Apps SettingsGoogle Android
Timeline
PublishedDec 16
Latest updateDec 21

Description

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0
Androidplatform/packages_apps_settings13:013:2022-12-01

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
GHSA
GHSA-j2p8-g7vg-2chp: In getView of AddAppNetworksFragment2022-12-21
CVEList
CVE-2022-42544: In getView of AddAppNetworksFragment2022-12-16
OSV
CVE-2022-42544: In getView of AddAppNetworksFragment2022-12-01
CVE-2022-42544 — Injection in Google Android | cvebase