ASB-A-330054251

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-330054251.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-330054251
Aliases
Published
2024-06-01T00:00:00Z
Modified
2026-04-24T15:37:38.793646Z
Summary
[none]
Details

In incrementannotationcount of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/packages/modules/StatsD

Package

Name
platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "25608807365508790758592269875890469658",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-1b098996",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            }
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-afd99fd0",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d",
            "target": {
                "function": "increment_annotation_count",
                "file": "lib/libstatssocket/stats_event.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"
platform/packages/modules/StatsD

Package

Name
platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-302264be",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            }
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-c744808b",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "function": "increment_annotation_count",
                "file": "lib/libstatssocket/stats_event.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"
platform/packages/modules/StatsD

Package

Name
platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-93232e0a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "function": "increment_annotation_count",
                "file": "lib/libstatssocket/stats_event.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-f9eee20e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"
platform/packages/modules/StatsD

Package

Name
platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other
13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-08dfc1af",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "function": "increment_annotation_count",
                "file": "lib/libstatssocket/stats_event.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-32789bf8",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"
platform/packages/modules/StatsD

Package

Name
platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other
14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-6fdf7709",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            }
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-b4122673",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "target": {
                "function": "increment_annotation_count",
                "file": "lib/libstatssocket/stats_event.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"