CVE-2023-20977Out-of-bounds Read in Google Android

CWE-125Out-of-bounds Read4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 87.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Packages Modules BluetoothGoogle Android
Timeline
PublishedMar 24
Latest updateJun 1

Description

In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445952

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0
Androidplatform/packages_modules_bluetooth13-next:013-next:2023-06-01+1

🔴Vulnerability Details

3
OSV
CVE-2023-20977: In btm_ble_read_remote_features_complete of btm_ble_gap2023-06-01
GHSA
GHSA-cmj4-9f9m-cm6v: In btm_ble_read_remote_features_complete of btm_ble_gap2023-03-24
CVEList
CVE-2023-20977: In btm_ble_read_remote_features_complete of btm_ble_gap2023-03-24
CVE-2023-20977 — Out-of-bounds Read in Google Android | cvebase