ASB-A-283962802

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-283962802.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-283962802
Aliases
Published
2023-12-01T00:00:00Z
Modified
2026-04-30T15:48:46.890647Z
Summary
[none]
Details

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "severity": "High",
    "spl": "2023-12-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "length": 2639.0,
                "function_hash": "29203323297885384493659448925045519817"
            },
            "id": "ASB-A-283962802-cb3b42fc",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "171382021060146019994183810298757766274",
                    "209727135170950016619958327047086003845",
                    "222581126683593730429250548465234379834",
                    "182174804976035329774921094615038043771",
                    "303434344376307165755255759506123329699",
                    "96802014755626440041800288545893188987",
                    "243914122422970178253073277090849461956",
                    "106386172300797820375062882942015812786",
                    "275423800456750119830506244773551901606",
                    "38291429864868648221893071760536293121",
                    "63440471419771065461086291363062212153",
                    "202992266509600817457929899926101805783",
                    "90709302688690791459433359582740844527",
                    "189259289722399902992640661459053081761",
                    "110582045004914461110056641720439303365"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-283962802-d3192061",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-12-01

Affected versions

Other
11

Ecosystem specific 

{
    "severity": "High",
    "spl": "2023-12-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "length": 2445.0,
                "function_hash": "88690414053046570452154742374956197705"
            },
            "id": "ASB-A-283962802-722fe580",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "11425810881900634527917672131491316607",
                    "209727135170950016619958327047086003845",
                    "222581126683593730429250548465234379834",
                    "182174804976035329774921094615038043771",
                    "303434344376307165755255759506123329699",
                    "96802014755626440041800288545893188987",
                    "243914122422970178253073277090849461956",
                    "106386172300797820375062882942015812786",
                    "275423800456750119830506244773551901606",
                    "38291429864868648221893071760536293121",
                    "63440471419771065461086291363062212153",
                    "202992266509600817457929899926101805783",
                    "90709302688690791459433359582740844527",
                    "189259289722399902992640661459053081761",
                    "110582045004914461110056641720439303365"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-283962802-a8a9dd63",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-12-01

Affected versions

Other
12

Ecosystem specific 

{
    "severity": "High",
    "spl": "2023-12-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "length": 2768.0,
                "function_hash": "328630913936997539884917677266248587884"
            },
            "id": "ASB-A-283962802-725c912f",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "171382021060146019994183810298757766274",
                    "209727135170950016619958327047086003845",
                    "222581126683593730429250548465234379834",
                    "182174804976035329774921094615038043771",
                    "303434344376307165755255759506123329699",
                    "96802014755626440041800288545893188987",
                    "243914122422970178253073277090849461956",
                    "106386172300797820375062882942015812786",
                    "275423800456750119830506244773551901606",
                    "38291429864868648221893071760536293121",
                    "63440471419771065461086291363062212153",
                    "202992266509600817457929899926101805783",
                    "90709302688690791459433359582740844527",
                    "189259289722399902992640661459053081761",
                    "110582045004914461110056641720439303365"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-283962802-de09fca3",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-12-01

Affected versions

Other
12L

Ecosystem specific 

{
    "severity": "High",
    "spl": "2023-12-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "171382021060146019994183810298757766274",
                    "209727135170950016619958327047086003845",
                    "222581126683593730429250548465234379834",
                    "182174804976035329774921094615038043771",
                    "303434344376307165755255759506123329699",
                    "96802014755626440041800288545893188987",
                    "243914122422970178253073277090849461956",
                    "106386172300797820375062882942015812786",
                    "275423800456750119830506244773551901606",
                    "38291429864868648221893071760536293121",
                    "63440471419771065461086291363062212153",
                    "202992266509600817457929899926101805783",
                    "90709302688690791459433359582740844527",
                    "189259289722399902992640661459053081761",
                    "110582045004914461110056641720439303365"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-283962802-481d01f5",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 2768.0,
                "function_hash": "328630913936997539884917677266248587884"
            },
            "id": "ASB-A-283962802-5e8e5700",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-12-01

Affected versions

Other
13

Ecosystem specific 

{
    "severity": "High",
    "spl": "2023-12-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "171382021060146019994183810298757766274",
                    "209727135170950016619958327047086003845",
                    "222581126683593730429250548465234379834",
                    "182174804976035329774921094615038043771",
                    "303434344376307165755255759506123329699",
                    "96802014755626440041800288545893188987",
                    "243914122422970178253073277090849461956",
                    "106386172300797820375062882942015812786",
                    "275423800456750119830506244773551901606",
                    "38291429864868648221893071760536293121",
                    "63440471419771065461086291363062212153",
                    "202992266509600817457929899926101805783",
                    "90709302688690791459433359582740844527",
                    "189259289722399902992640661459053081761",
                    "110582045004914461110056641720439303365"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-283962802-2025cd56",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 2768.0,
                "function_hash": "328630913936997539884917677266248587884"
            },
            "id": "ASB-A-283962802-4b971e19",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"