CVE-2023-20689 — Integer Overflow or Wraparound in Google Android

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android Linuxfoundation Yocto

Timeline

PublishedJul 4

Description

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/android11.0

▶NVDlinuxfoundation/yocto4.0

🔴Vulnerability Details

CVEList

CVE-2023-20689: In wlan firmware, there is possible system crash due to an integer overflow↗2023-07-04

▶

GHSA

GHSA-j4p2-r9fg-h9c7: In wlan firmware, there is possible system crash due to an integer overflow↗2023-07-04

▶