CVE-2023-21111Improper Input Validation in Packages Services Telecomm

CWE-20Improper Input ValidationCWE-1284Improper Validation of Specified Quantity in Input5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Frameworks BasePlatform Packages Services TelecommGoogle Android
Timeline
PublishedMay 15
Latest updateNov 1

Description

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5google/androidAndroid-11 Android-12 Android-12L Android-13
NVDgoogle/android4 versions+3
Androidplatform/packages_services_telecomm14-next:014-next:2023-11-01+4
Androidplatform/frameworks_base14-next:014-next:2023-11-01+4

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
OSV
CVE-2023-21111: In multiple functions of PhoneAccountRegistrar2023-11-01
GHSA
GHSA-r3cj-h858-jrrj: In several functions of PhoneAccountRegistrar2023-05-16
CVEList
CVE-2023-21111: In several functions of PhoneAccountRegistrar2023-05-15

📋Vendor Advisories

1
Android
CVE-2023-21111: Android Security Bulletin 2023-11-01 CVE: CVE-2023-21111 Severity: HIGH Type: DoS Affected AOSP versions: 11, 12, 12L, 13 References: A-256819769 [2]2023-11-01
CVE-2023-21111 — Improper Input Validation | cvebase