ASB-A-273966636
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-273966636.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-273966636
- Aliases
-
- A-273966636
- CVE-2023-35673
- Published
- 2023-09-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In buildreadmultirsp of gattsr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1856.0,
"function_hash": "240925002555156140249518465647210347099"
},
"id": "ASB-A-273966636-4055f2f0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/70a4d628fa016a9487fae07f211644b95e1f0000",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"2595529555414629676206999964520684550",
"183504299268696529699332370268148851082",
"199471212518345456923129245182522694027",
"252152932270604754934792315083902041917",
"51554914984240895083286702700298661153",
"54865752525013115485817960974458127610",
"138400960017935528663548606489186108685",
"36679679188416012704038671968509033341",
"122920067994958519894144405910339995677",
"262658403677556901038941525980560849440",
"333165447868284643075011688300903607556",
"237475983115649658632985560846409519343",
"13227297075605735205156259313947404717",
"85253462756822884360816865997710830720"
]
},
"id": "ASB-A-273966636-ae4e247b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/70a4d628fa016a9487fae07f211644b95e1f0000",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/70a4d628fa016a9487fae07f211644b95e1f0000"
],
"types": [
"RCE"
],
"spl": "2023-09-01",
"severity": "Critical"
}
Android / platform/packages/modules/Bluetooth
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1856.0,
"function_hash": "240925002555156140249518465647210347099"
},
"id": "ASB-A-273966636-9220b9a5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/badb8ffce06b517cbcfdbfa68cb7b7e02d22494a",
"target": {
"function": "build_read_multi_rsp",
"file": "system/stack/gatt/gatt_sr.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"2595529555414629676206999964520684550",
"183504299268696529699332370268148851082",
"199471212518345456923129245182522694027",
"252152932270604754934792315083902041917",
"51554914984240895083286702700298661153",
"54865752525013115485817960974458127610",
"138400960017935528663548606489186108685",
"36679679188416012704038671968509033341",
"122920067994958519894144405910339995677",
"262658403677556901038941525980560849440",
"333165447868284643075011688300903607556",
"237475983115649658632985560846409519343",
"13227297075605735205156259313947404717",
"85253462756822884360816865997710830720"
]
},
"id": "ASB-A-273966636-ebc12258",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/badb8ffce06b517cbcfdbfa68cb7b7e02d22494a",
"target": {
"file": "system/stack/gatt/gatt_sr.cc"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/badb8ffce06b517cbcfdbfa68cb7b7e02d22494a"
],
"types": [
"RCE"
],
"spl": "2023-09-01",
"severity": "Critical"
}