CVE-2023-20932 — Improper Input Validation in Google Android

CWE-20 — Improper Input Validation6 documents6 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 89.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps Emergencyinfo Google Android

Timeline

PublishedFeb 28

Latest updateJul 16

Description

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L Android-13

▶NVDgoogle/android5 versions+4

▶Androidplatform/packages_apps_emergencyinfo10:0 — 10:2023-02-01+4

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-925f-gg6v-cr2f: In onCreatePreferences of EditInfoFragment↗2023-02-28

▶

CVEList

CVE-2023-20932: In onCreatePreferences of EditInfoFragment↗2023-02-28

▶

OSV

CVE-2023-20932: In onCreatePreferences of EditInfoFragment↗2023-02-01

▶

📋Vendor Advisories

Atlassian

CVE-2023-22025 CVE-2023-22081 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20932 CVE-2024-20945↗2024-07-16

▶

Android

CVE-2023-20932: Android Security Bulletin 2023-02-01 CVE: CVE-2023-20932 Severity: HIGH Type: ID Affected AOSP versions: 10, 11, 12, 12L, 13 References: A-248251018↗2023-02-01

▶