CVE-2023-21017

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-21017

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-21017.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-21017

Aliases

A-236687884
PUB-A-236687884

Published

2023-03-24T20:15:13.183Z

Modified

2026-03-14T12:01:27.766487Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884

References

https://source.android.com/security/bulletin/pixel/2023-03-01

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-21017.json"