CVE-2023-21016 — Google Android vulnerability

4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps Settings Google Android

Timeline

PublishedMar 24

Description

In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213905884

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-13

▶NVDgoogle/android13.0

▶Androidplatform/packages_apps_settings13:0 — 13:2023-03-01

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-c95c-936f-4xqx: In AccountTypePreference of AccountTypePreference↗2023-03-24

▶

CVEList

CVE-2023-21016: In AccountTypePreference of AccountTypePreference↗2023-03-24

▶

OSV

CVE-2023-21016: In AccountTypePreference of AccountTypePreference↗2023-03-01

▶