PUB-A-225981754
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-225981754.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-225981754
- Aliases
-
- A-225981754
- CVE-2022-20505
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2026-01-23T16:23:33.225832Z
- Summary
- [none]
- Details
-
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation
- References
Affected packages
Android / platform/packages/providers/ContactsProvider
Package
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"signature_version": "v1",
"signature_type": "Function",
"id": "PUB-A-225981754-3d976d42",
"digest": {
"length": 983.0,
"function_hash": "231545673366050250262952693884714281968"
},
"source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
"target": {
"file": "src/com/android/providers/contacts/CallLogProvider.java",
"function": "openFile"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "PUB-A-225981754-68f2dffb",
"digest": {
"length": 774.0,
"function_hash": "59884867351264151132995485155170850686"
},
"source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
"target": {
"file": "src/com/android/providers/contacts/CallLogProvider.java",
"function": "allocateNewCallComposerPicture"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "PUB-A-225981754-8c59c626",
"digest": {
"length": 351.0,
"function_hash": "192327671234739927967485161192599275251"
},
"source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
"target": {
"file": "src/com/android/providers/contacts/CallLogProvider.java",
"function": "deleteCallComposerPicture"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "PUB-A-225981754-e1785b78",
"digest": {
"length": 1646.0,
"function_hash": "309386010514092342042245267834131134851"
},
"source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
"target": {
"file": "src/com/android/providers/contacts/CallLogProvider.java",
"function": "syncCallComposerPics"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Line",
"id": "PUB-A-225981754-e81a86e5",
"digest": {
"line_hashes": [
"90411726906254443426730435841338685706",
"261713554497495016265945414111035963751",
"223484236778549619715047498372853515431",
"212727300813294272073991136558766830669",
"145291450032720118371994974066181749592",
"83206619313910695128548435682764265229",
"280624185982056141154666206410484568009",
"248111705161388651356813266075245029722",
"114304497285397900491032554899316901320",
"165472891104289477114417372168957371229",
"148501115818883676817113523476465475572",
"279890213913258310656874654355957680438",
"258179191018602781453434504890871419424",
"261990686389993149118546137426451388807",
"157793474918727384552935276709041265292",
"303394727368492633530529340784274426657",
"18965481648146670354266081386648002232",
"251697982678667641201019146966373741689",
"39973034611118046241533072751258587783",
"264085753851315626503573994444377012027",
"98091311131399214891666419273000917671",
"216220454372179139125795804482220632779",
"47401923675628117697947464933786772299",
"84548400442674366318118914823687679270",
"287859958430371281590258505168553971026",
"159810972737882846981070977960741004821",
"102462974237692409826427485140294425528",
"2281476316063599756271812216418645963",
"302497987735875217573044640396691592319",
"123583553300097912274155540290893791864",
"109127505205732677383334803609398725149"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
"target": {
"file": "src/com/android/providers/contacts/CallLogProvider.java"
},
"deprecated": false
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"
],
"severity": "Moderate"
}