In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/8c6653177204bfd6ccf03e1b4b3b72d96e362628",
"https://android.googlesource.com/platform/art/+/4b56bb8ce224408acfef7f2b2c2cee2abd938c9a"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/8c6653177204bfd6ccf03e1b4b3b72d96e362628",
"target": {
"file": "runtime/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"180607149440948939479164550161214279693",
"134978023560574985810306324205789284474",
"298540098038011932319106653609065000051",
"206987900709816488317088732902174720532",
"280705728406661810475241199250680431554",
"12133602861741274292886291901812429956",
"68848050743189154801183728100053764074",
"319927085103449064030604113046133413287",
"334178265828066161336305025452291604460",
"206846713485717635990573066771692525881",
"273608509962210116374849023732172436388",
"33188954137486141825564234592003770192",
"170849378573825031730603322871863097566",
"49438342910050339764534238449718559295",
"158538186038025435029861607507494891298",
"133450046799623417154420577689232844282"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-7fd02d78"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/8c6653177204bfd6ccf03e1b4b3b72d96e362628",
"target": {
"file": "runtime/mirror/string.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"742922100236702367568882198496653128",
"180405028384217921452000999040661503123",
"9977381646763468625560674896791244814",
"139805360047875458615494518910909825755",
"32225368823611614938255998433514355264",
"188479341204455873783548129250054611175",
"212208487837375745877653722482654110695"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-aa00e463"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/4b56bb8ce224408acfef7f2b2c2cee2abd938c9a",
"target": {
"file": "runtime/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"68088544746606398025744615250163038987",
"28226944271011134750561644001012576494",
"209825031574744540524313120239507470003",
"265404860031320913435295735891844695476",
"168548116553547179047575912123703621696",
"286216963556853261487468743636343924010"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-cf6cfeae"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/8c6653177204bfd6ccf03e1b4b3b72d96e362628",
"target": {
"file": "runtime/jni_internal_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"168570116374635237039885631115068384155",
"159384961094558840978144327322108126448",
"224934053267818022264765479624697028862",
"62803872603171606213774527710327255445",
"195137674342404032480568352269670145071",
"223805834319586582126071666499972447476",
"176402132414195368955111043106638311181"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-fbc7a461"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/1358c9faa9766fd470ab2ba002a73479ccf54154",
"https://android.googlesource.com/platform/art/+/6444277041f41294d98adac4bb585183e56587f6"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/1358c9faa9766fd470ab2ba002a73479ccf54154",
"target": {
"file": "runtime/jni_internal_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"168570116374635237039885631115068384155",
"159384961094558840978144327322108126448",
"293783139733515551778671335902691661129",
"169790146168576440691793624400849170644",
"195137674342404032480568352269670145071",
"223805834319586582126071666499972447476",
"176402132414195368955111043106638311181"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-0d5de24f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/6444277041f41294d98adac4bb585183e56587f6",
"target": {
"file": "runtime/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"68088544746606398025744615250163038987",
"28226944271011134750561644001012576494",
"209825031574744540524313120239507470003",
"265404860031320913435295735891844695476",
"168548116553547179047575912123703621696",
"286216963556853261487468743636343924010"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-e98af56e"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/1358c9faa9766fd470ab2ba002a73479ccf54154",
"target": {
"file": "runtime/mirror/string.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"742922100236702367568882198496653128",
"180405028384217921452000999040661503123",
"9977381646763468625560674896791244814",
"139805360047875458615494518910909825755",
"32225368823611614938255998433514355264",
"188479341204455873783548129250054611175",
"212208487837375745877653722482654110695"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-ef1eddf8"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/1358c9faa9766fd470ab2ba002a73479ccf54154",
"target": {
"file": "runtime/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"10922246531782043043009867382087974160",
"164403077957362323978761702893074781059",
"44087293466022103470689832079521502467",
"157225773696640404769848357326090479048",
"203871501564387793397677125721693307224",
"203720691118153694198873009189563465043",
"62753520621921836267285483520983140164",
"18546899358844276652681103966829155931",
"218441269308950311698317751412169794716",
"55376328090569281986088435089769874933",
"15922383822712056605962251220168976960",
"136849160778608781247625656793641514303",
"221630291797742702191801366258041296601",
"175821458329387563646515368478874490014",
"201618387684450034921466871247760114794",
"196938724543593333345892212026014218256",
"168113358010914873610794459960435156414",
"273608509962210116374849023732172436388",
"33188954137486141825564234592003770192",
"170849378573825031730603322871863097566",
"49438342910050339764534238449718559295",
"158538186038025435029861607507494891298",
"133450046799623417154420577689232844282"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-f55da960"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/d0b940349294a363e6d578adf58db8222c425669",
"https://android.googlesource.com/platform/art/+/69fc841b8460943c2b2224f61585942cbc9f3f40"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/d0b940349294a363e6d578adf58db8222c425669",
"target": {
"file": "runtime/jni/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"202511204484819295834833588177254942058",
"284607758542496867262757403818099768173",
"159912965984065222335951816084103006448",
"149643867330452241866180792490870522262",
"166042761445857038149469283982398574506",
"60167212461236581442404364580624804435",
"62753520621921836267285483520983140164",
"18546899358844276652681103966829155931",
"218441269308950311698317751412169794716",
"55376328090569281986088435089769874933",
"15922383822712056605962251220168976960",
"136849160778608781247625656793641514303",
"212725987451952485918615213657292046580",
"300837665512679662821417521987713394369",
"103257478912899464517635254725280675461",
"64308445431293430279938645659736159532",
"288368831909976602537046313117519377445",
"29356859129765398053659836935353935528",
"109450099008681295984032263742970683784",
"273608509962210116374849023732172436388",
"33188954137486141825564234592003770192",
"45279761540336446372455926813899844858",
"270322338951455366252111101919387386637",
"300321571165803176846928656283304827478",
"106505562176510559482163858132223790216"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-43f29d8f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/d0b940349294a363e6d578adf58db8222c425669",
"target": {
"file": "runtime/jni/jni_internal_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"241526942436925564757606126723635427092",
"301505621793435453749660706775392497276",
"5301427927047796577660440299561261712",
"195137674342404032480568352269670145071",
"223805834319586582126071666499972447476",
"176402132414195368955111043106638311181"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-4d65fb39"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/d0b940349294a363e6d578adf58db8222c425669",
"target": {
"file": "runtime/mirror/string.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"742922100236702367568882198496653128",
"180405028384217921452000999040661503123",
"9977381646763468625560674896791244814",
"139805360047875458615494518910909825755",
"32225368823611614938255998433514355264",
"188479341204455873783548129250054611175",
"212208487837375745877653722482654110695"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-b3ed9d3c"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/69fc841b8460943c2b2224f61585942cbc9f3f40",
"target": {
"file": "runtime/jni/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"3031350208254016169423660349419128913",
"10819473316697691356524977026334605640",
"265404860031320913435295735891844695476",
"168548116553547179047575912123703621696",
"286216963556853261487468743636343924010"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-d6a95450"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/tools/hidl/+/e8544d4fae9e8b7f1b31068c1bbd817c792315c7"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/tools/hidl/+/e8544d4fae9e8b7f1b31068c1bbd817c792315c7",
"target": {
"function": "TEST_F",
"file": "test/java_test/hidl_test_java_native.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "129126988677395042074777166965345639604",
"length": 275.0
},
"signature_type": "Function",
"id": "ASB-A-172655291-54c4e523"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/tools/hidl/+/e8544d4fae9e8b7f1b31068c1bbd817c792315c7",
"target": {
"file": "test/java_test/hidl_test_java_native.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"65377231514670430681092134733789602433",
"16554559094624643674299291549605159249",
"16180241113869774546390725953518373524",
"209143510232628260802169552209636584561",
"91778596322299643257831351822103764986",
"334540214220134854590336077835016533783",
"154174223077795945264101533024329688070",
"292624923856552263949758150199859703067"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-ac444ce2"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/7dd48b90bd0968375cba8dffa2141cc9973329f9",
"https://android.googlesource.com/platform/art/+/ed4b3e0958d3de6a92d82abb9f81e49e84d5c673"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/7dd48b90bd0968375cba8dffa2141cc9973329f9",
"target": {
"file": "runtime/mirror/string.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"742922100236702367568882198496653128",
"180405028384217921452000999040661503123",
"9977381646763468625560674896791244814",
"139805360047875458615494518910909825755",
"32225368823611614938255998433514355264",
"188479341204455873783548129250054611175",
"212208487837375745877653722482654110695"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-1635d329"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/ed4b3e0958d3de6a92d82abb9f81e49e84d5c673",
"target": {
"file": "runtime/jni/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"187306675662027505938536120528254655308",
"48900365538159706719260823727434531628",
"265404860031320913435295735891844695476",
"168548116553547179047575912123703621696",
"286216963556853261487468743636343924010"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-75ae2191"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/7dd48b90bd0968375cba8dffa2141cc9973329f9",
"target": {
"file": "runtime/jni/jni_internal.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"10922246531782043043009867382087974160",
"164403077957362323978761702893074781059",
"65204051227524025816545073897197777507",
"34963759301342839050197936324729709749",
"166042761445857038149469283982398574506",
"60167212461236581442404364580624804435",
"62753520621921836267285483520983140164",
"18546899358844276652681103966829155931",
"218441269308950311698317751412169794716",
"55376328090569281986088435089769874933",
"15922383822712056605962251220168976960",
"136849160778608781247625656793641514303",
"221630291797742702191801366258041296601",
"175821458329387563646515368478874490014",
"201618387684450034921466871247760114794",
"29356859129765398053659836935353935528",
"109450099008681295984032263742970683784",
"273608509962210116374849023732172436388",
"33188954137486141825564234592003770192",
"45279761540336446372455926813899844858",
"270322338951455366252111101919387386637",
"300321571165803176846928656283304827478",
"106505562176510559482163858132223790216"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-a469de7b"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/art/+/7dd48b90bd0968375cba8dffa2141cc9973329f9",
"target": {
"file": "runtime/jni/jni_internal_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"241526942436925564757606126723635427092",
"301505621793435453749660706775392497276",
"5301427927047796577660440299561261712",
"195137674342404032480568352269670145071",
"223805834319586582126071666499972447476",
"176402132414195368955111043106638311181"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-ae643b78"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/58f5cfa56d5282e69a7580dc4bb97603c409f003",
"https://android.googlesource.com/platform/frameworks/native/+/61d0f84881cfc1bbac513ccd156c56603a48cc90"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"function_hash": "14323495333125928201094408655064891336",
"length": 310.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/58f5cfa56d5282e69a7580dc4bb97603c409f003",
"target": {
"function": "Parcel::readString16Inplace",
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-3ab29c07"
},
{
"deprecated": false,
"digest": {
"function_hash": "155199087332238212672582879650942206396",
"length": 306.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/61d0f84881cfc1bbac513ccd156c56603a48cc90",
"target": {
"function": "Parcel::readString8Inplace",
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-6be68fc9"
},
{
"deprecated": false,
"digest": {
"function_hash": "162717353080736272093174326081513843161",
"length": 335.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/61d0f84881cfc1bbac513ccd156c56603a48cc90",
"target": {
"function": "Parcel::readString16Inplace",
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-86d2b7ed"
},
{
"deprecated": false,
"digest": {
"function_hash": "318975103396641318631900755869162983559",
"length": 283.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/58f5cfa56d5282e69a7580dc4bb97603c409f003",
"target": {
"function": "Parcel::readString8Inplace",
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-92a96b40"
},
{
"deprecated": false,
"digest": {
"line_hashes": [
"322865476313340777091915096653650377060",
"276091546283325773004617093670692284652",
"251903058652865870957361320860499984858",
"171657341153430890903988388282077402813",
"19909563082220809183199822883322131293",
"83766156286888667104454507970843522805",
"26000267576433181097436669554255726371",
"171657341153430890903988388282077402813"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/58f5cfa56d5282e69a7580dc4bb97603c409f003",
"target": {
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-fccb5503"
},
{
"deprecated": false,
"digest": {
"line_hashes": [
"117272116432469212887383918508486695146",
"234796714616440052647254139842786030213",
"308383320134710531814854476103164906946",
"114385395538681324247627216657205244201",
"194662331768927561943067146530608335365",
"111470376325268668543310118546180649522",
"70246565873847886514876344222188128607",
"294661870248710535343693010227814313452",
"252184798244344895437753169099460757295",
"194662331768927561943067146530608335365"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/61d0f84881cfc1bbac513ccd156c56603a48cc90",
"target": {
"file": "libs/binder/Parcel.cpp"
},
"exact_target_file_match_only": true,
"id": "ASB-A-172655291-fd1339ec"
}
],
"types": [
"ID"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/tools/hidl/+/f9a784013d8b6d519e66c2bee6384ad8a713ac25"
],
"spl": "2021-03-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/tools/hidl/+/f9a784013d8b6d519e66c2bee6384ad8a713ac25",
"target": {
"function": "TEST_F",
"file": "test/java_test/hidl_test_java_native.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "129126988677395042074777166965345639604",
"length": 275.0
},
"signature_type": "Function",
"id": "ASB-A-172655291-a85fa401"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/tools/hidl/+/f9a784013d8b6d519e66c2bee6384ad8a713ac25",
"target": {
"file": "test/java_test/hidl_test_java_native.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"65377231514670430681092134733789602433",
"16554559094624643674299291549605159249",
"16180241113869774546390725953518373524",
"209143510232628260802169552209636584561",
"91778596322299643257831351822103764986",
"334540214220134854590336077835016533783",
"154174223077795945264101533024329688070",
"292624923856552263949758150199859703067"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-172655291-cc0f5675"
}
],
"types": [
"ID"
]
}