CVE-2023-20994Out-of-bounds Write in System Libufdt

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 88.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System LibufdtGoogle Android
Timeline
PublishedMar 24
Latest updateJul 5

Description

In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259062118

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

Androidplatform/system_libufdt13:013:2023-03-01
CVEListV5google/androidAndroid-13
NVDgoogle/android13.0

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-g8w9-22g6-mj88: In _ufdt_output_property_to_fdt of ufdt_convert2023-03-24
OSV
CVE-2023-20994: In _ufdt_output_property_to_fdt of ufdt_convert2023-03-01

📋Vendor Advisories

1
Red Hat
gstreamer-plugins-base: heap overwrite in subtitle parsing2023-07-05