CVE-2023-35679Out-of-bounds Read in Frameworks AV

CWE-125Out-of-bounds Read5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks AVGoogle Android
Timeline
PublishedSep 11

Description

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Androidplatform/frameworks_av13-next:013-next:2023-09-01+4
CVEListV5google/android4 versions+3
NVDgoogle/android4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-3fqx-hqc3-q3wf: In MtpPropertyValue of MtpProperty2023-09-11
CVEList
CVE-2023-35679: In MtpPropertyValue of MtpProperty2023-09-11
OSV
CVE-2023-35679: In MtpPropertyValue of MtpProperty2023-09-01

📋Vendor Advisories

1
Android
CVE-2023-35679: Android Security Bulletin 2023-09-01 CVE: CVE-2023-35679 Severity: HIGH Type: ID Affected AOSP versions: 11, 12, 12L, 13 References: A-2451377182023-09-01
CVE-2023-35679 — Out-of-bounds Read in Frameworks AV | cvebase