ASB-A-287184435

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-287184435.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-287184435
Aliases
  • A-287184435
  • CVE-2024-34727
Published
2024-08-01T00:00:00Z
Modified
2024-08-13T15:06:00Z
Summary
a2dp_fuzz: Heap-buffer-overflow in sdpu_compare_uuid_with_attr
Details

In sdpucompareuuidwithattr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-08-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 435.0,
                "function_hash": "36124008880444953329645145654613027992"
            },
            "id": "ASB-A-287184435-4d5a857a",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/041220978bd8cb0573a7a6679e16cfc843cc9a39",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/sdp/sdp_utils.cc",
                "function": "sdpu_compare_uuid_with_attr"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "139131443945002606912506064455006689017",
                    "253207943261305781236343062435265004432",
                    "250908622023246894622366699106192517526",
                    "335091853755149266420202824179508457061",
                    "308375983938059669047339829356505397501"
                ]
            },
            "id": "ASB-A-287184435-ff44d061",
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/041220978bd8cb0573a7a6679e16cfc843cc9a39",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "system/stack/sdp/sdp_utils.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/041220978bd8cb0573a7a6679e16cfc843cc9a39"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-08-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7bbdb139bf91dca86c72c33a74c0e3407938c487"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-08-01

Affected versions

Other

14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7bbdb139bf91dca86c72c33a74c0e3407938c487"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}