PUB-A-225981754

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-225981754.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-225981754
Aliases
  • A-225981754
  • CVE-2022-20505
Published
2022-12-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation

References

Affected packages

Android / platform/packages/providers/ContactsProvider

Package

Name
platform/packages/providers/ContactsProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 983.0,
                "function_hash": "231545673366050250262952693884714281968"
            },
            "id": "PUB-A-225981754-3d976d42",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "openFile"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 774.0,
                "function_hash": "59884867351264151132995485155170850686"
            },
            "id": "PUB-A-225981754-68f2dffb",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "allocateNewCallComposerPicture"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 351.0,
                "function_hash": "192327671234739927967485161192599275251"
            },
            "id": "PUB-A-225981754-8c59c626",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "deleteCallComposerPicture"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1646.0,
                "function_hash": "309386010514092342042245267834131134851"
            },
            "id": "PUB-A-225981754-e1785b78",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "syncCallComposerPics"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90411726906254443426730435841338685706",
                    "261713554497495016265945414111035963751",
                    "223484236778549619715047498372853515431",
                    "212727300813294272073991136558766830669",
                    "145291450032720118371994974066181749592",
                    "83206619313910695128548435682764265229",
                    "280624185982056141154666206410484568009",
                    "248111705161388651356813266075245029722",
                    "114304497285397900491032554899316901320",
                    "165472891104289477114417372168957371229",
                    "148501115818883676817113523476465475572",
                    "279890213913258310656874654355957680438",
                    "258179191018602781453434504890871419424",
                    "261990686389993149118546137426451388807",
                    "157793474918727384552935276709041265292",
                    "303394727368492633530529340784274426657",
                    "18965481648146670354266081386648002232",
                    "251697982678667641201019146966373741689",
                    "39973034611118046241533072751258587783",
                    "264085753851315626503573994444377012027",
                    "98091311131399214891666419273000917671",
                    "216220454372179139125795804482220632779",
                    "47401923675628117697947464933786772299",
                    "84548400442674366318118914823687679270",
                    "287859958430371281590258505168553971026",
                    "159810972737882846981070977960741004821",
                    "102462974237692409826427485140294425528",
                    "2281476316063599756271812216418645963",
                    "302497987735875217573044640396691592319",
                    "123583553300097912274155540290893791864",
                    "109127505205732677383334803609398725149"
                ]
            },
            "id": "PUB-A-225981754-e81a86e5",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}