ASB-A-224771621

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-224771621.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-224771621
Aliases
Published
2023-10-01T00:00:00Z
Modified
2026-04-24T15:37:38.793646Z
Summary
[none]
Details

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "91430442698769588082946095537832694273",
                    "20026852134819942257321237996885029255",
                    "40202397281895256590539654412865972135",
                    "50951509129200039129727141957125128952",
                    "119153895310442971121653871419161057127",
                    "233941376171148845727814306014660242510",
                    "328591897088368036931992023040705824379",
                    "331022390354213500580369461296128589367",
                    "99802358205671677310842177324450502666",
                    "187295020737331672904278640354158062270",
                    "248156025000407165605799185144903196744",
                    "179301388443848148578845235787293899387",
                    "107870144222067608556514995861480788614",
                    "231700832369868250746759799492792043918"
                ]
            },
            "id": "ASB-A-224771621-1b43d100",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad",
            "deprecated": false,
            "target": {
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "43765961898805927503019869372948122505",
                "length": 391.0
            },
            "id": "ASB-A-224771621-7e8b21d9",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad",
            "deprecated": false,
            "target": {
                "function": "appendEscapedSQLString",
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "ID"
    ],
    "spl": "2023-10-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad"
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-224771621.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "91430442698769588082946095537832694273",
                    "20026852134819942257321237996885029255",
                    "40202397281895256590539654412865972135",
                    "50951509129200039129727141957125128952",
                    "119153895310442971121653871419161057127",
                    "233941376171148845727814306014660242510",
                    "328591897088368036931992023040705824379",
                    "331022390354213500580369461296128589367",
                    "99802358205671677310842177324450502666",
                    "187295020737331672904278640354158062270",
                    "248156025000407165605799185144903196744",
                    "179301388443848148578845235787293899387",
                    "107870144222067608556514995861480788614",
                    "231700832369868250746759799492792043918"
                ]
            },
            "id": "ASB-A-224771621-08e678a4",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "43765961898805927503019869372948122505",
                "length": 391.0
            },
            "id": "ASB-A-224771621-1f3d7e7f",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "function": "appendEscapedSQLString",
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "ID"
    ],
    "spl": "2023-10-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-224771621.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "91430442698769588082946095537832694273",
                    "20026852134819942257321237996885029255",
                    "40202397281895256590539654412865972135",
                    "50951509129200039129727141957125128952",
                    "119153895310442971121653871419161057127",
                    "233941376171148845727814306014660242510",
                    "328591897088368036931992023040705824379",
                    "331022390354213500580369461296128589367",
                    "99802358205671677310842177324450502666",
                    "187295020737331672904278640354158062270",
                    "248156025000407165605799185144903196744",
                    "179301388443848148578845235787293899387",
                    "107870144222067608556514995861480788614",
                    "231700832369868250746759799492792043918"
                ]
            },
            "id": "ASB-A-224771621-76b7a6a2",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "43765961898805927503019869372948122505",
                "length": 391.0
            },
            "id": "ASB-A-224771621-9d6c69de",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "function": "appendEscapedSQLString",
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "ID"
    ],
    "spl": "2023-10-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-224771621.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "43765961898805927503019869372948122505",
                "length": 391.0
            },
            "id": "ASB-A-224771621-abf2c345",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "function": "appendEscapedSQLString",
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "91430442698769588082946095537832694273",
                    "20026852134819942257321237996885029255",
                    "40202397281895256590539654412865972135",
                    "50951509129200039129727141957125128952",
                    "119153895310442971121653871419161057127",
                    "233941376171148845727814306014660242510",
                    "328591897088368036931992023040705824379",
                    "331022390354213500580369461296128589367",
                    "99802358205671677310842177324450502666",
                    "187295020737331672904278640354158062270",
                    "248156025000407165605799185144903196744",
                    "179301388443848148578845235787293899387",
                    "107870144222067608556514995861480788614",
                    "231700832369868250746759799492792043918"
                ]
            },
            "id": "ASB-A-224771621-b12023e7",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "ID"
    ],
    "spl": "2023-10-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-224771621.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other
13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "91430442698769588082946095537832694273",
                    "20026852134819942257321237996885029255",
                    "40202397281895256590539654412865972135",
                    "50951509129200039129727141957125128952",
                    "119153895310442971121653871419161057127",
                    "233941376171148845727814306014660242510",
                    "328591897088368036931992023040705824379",
                    "331022390354213500580369461296128589367",
                    "99802358205671677310842177324450502666",
                    "187295020737331672904278640354158062270",
                    "248156025000407165605799185144903196744",
                    "179301388443848148578845235787293899387",
                    "107870144222067608556514995861480788614",
                    "231700832369868250746759799492792043918"
                ]
            },
            "id": "ASB-A-224771621-28d4ee58",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "43765961898805927503019869372948122505",
                "length": 391.0
            },
            "id": "ASB-A-224771621-8b04361a",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12",
            "deprecated": false,
            "target": {
                "function": "appendEscapedSQLString",
                "file": "core/java/android/database/DatabaseUtils.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "ID"
    ],
    "spl": "2023-10-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-224771621.json"