CVE-2023-21287
published 2023-08-14CVE-2023-21287: In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.42%
33.6th percentile
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | external_freetype | >= 11:0 < 11:2023-08-01 | 11:2023-08-01 |
| platform | external_freetype | >= 12:0 < 12:2023-08-01 | 12:2023-08-01 |
| platform | external_freetype | >= 12L:0 < 12L:2023-08-01 | 12L:2023-08-01 |
| platform | external_freetype | >= 13-next:0 < 13-next:2023-08-01 | 13-next:2023-08-01 |
| platform | external_freetype | >= 13:0 < 13:2023-08-01 | 13:2023-08-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-21287 is a remote code execution vulnerability via type confusion in Android (AOSP versions 11, 12, 12L, 13), requiring no privileges or user interaction — prioritize detection of anomalous process spawning or code execution from system services on affected Android versions. ↗
- →Target scope for detection: Android OS versions 11, 12, 12L, and 13 are confirmed affected; focus monitoring on unpatched devices running these versions. ↗
- →Reference Android internal bug tracker ID A-278221085 when correlating vendor patch notes or OEM advisories for this vulnerability. ↗
- ·No specific exploit payload, hash, network indicator, or PoC code is publicly disclosed in the available sources; no concrete IOCs can be extracted at this time. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-21287: Android Security Bulletin 2023-08-01
CVE: CVE-2023-21287
Severity: HIGH
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13
References: A-278221085
vendor_android·2023-08-01·CVSS 9.8
CVE-2023-21287 [CRITICAL] CVE-2023-21287: Android Security Bulletin 2023-08-01
CVE: CVE-2023-21287
Severity: HIGH
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13
References: A-278221085
Android Security Bulletin 2023-08-01
CVE: CVE-2023-21287
Severity: HIGH
Type: RCE
Affected AOSP versions: 11, 12, 12L, 13
References: A-278221085
GHSA
GHSA-rhr8-9f37-5mx4: In multiple locations, there is a possible code execution due to type confusion
ghsa_unreviewed·2023-08-15
CVE-2023-21287 [CRITICAL] CWE-843 GHSA-rhr8-9f37-5mx4: In multiple locations, there is a possible code execution due to type confusion
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2023-21287: In multiple locations, there is a possible code execution due to type confusion
osv·2023-08-01
CVE-2023-21287 CVE-2023-21287: In multiple locations, there is a possible code execution due to type confusion
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6https://source.android.com/security/bulletin/2023-08-01https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6https://source.android.com/security/bulletin/2023-08-01
2023-08-14
Published