PUB-A-256591441
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-256591441.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-256591441
- Aliases
-
- A-256591441
- CVE-2023-21020
- Published
- 2023-03-01T00:00:00Z
- Modified
- 2026-01-22T17:09:51.847580Z
- Summary
- [none]
- Details
-
In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/StatsD
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/modules/StatsD/+/992c86cfa9b615e8e62426a5014a0b10501a37b0"
],
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/992c86cfa9b615e8e62426a5014a0b10501a37b0",
"deprecated": false,
"digest": {
"line_hashes": [
"314817827637828342880955890469328961627",
"260969941955375475668777182419459543626",
"334113579255801437038977983441306919034",
"173189343450552462395248524531502233542",
"129849452835575680659823935461717724920",
"83718369344036115522319402550543040334",
"16001930605414978469470912963344849182",
"195955100118898708897446181034483366226",
"273349282485225985937796567476237427484",
"91397241793206339794653254615417520385",
"29807277704382798858935598479353289843",
"48577354335287188420686873933696083621",
"102427140245959600049550732061187805794",
"178441290731508068702537209819204515910",
"215272494121980979092601051813263149914",
"222676632469001025285115379168911905242",
"312872181474121745233895410469015452914",
"96305273537978682458243178994480165515",
"201773762346121508239117422335800833156",
"149403628616472136907591886240779207234",
"315883162896068618317386544602119111075",
"331364431804415054580799380184035610880",
"22180935920724786830384601289094655121",
"191866813637121691927494984062773796535",
"158986997174725434635601432989179524147",
"92727982918979718084508866640117533563",
"183533875569848885046573331264109545684",
"268274132982296726754680370187504993786"
],
"threshold": 0.9
},
"match_only_versions": [
"13"
],
"signature_version": "v1",
"target": {
"file": "statsd/src/main.cpp"
},
"signature_type": "Line",
"id": "PUB-A-256591441-2cccb8f5"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/992c86cfa9b615e8e62426a5014a0b10501a37b0",
"deprecated": false,
"digest": {
"length": 351.0,
"function_hash": "151766590558765629684275105768374584739"
},
"match_only_versions": [
"13"
],
"signature_version": "v1",
"target": {
"function": "signalHandler",
"file": "statsd/src/main.cpp"
},
"signature_type": "Function",
"id": "PUB-A-256591441-d536ed8c"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/992c86cfa9b615e8e62426a5014a0b10501a37b0",
"deprecated": false,
"digest": {
"length": 324.0,
"function_hash": "201987785594624122716473348128341216944"
},
"match_only_versions": [
"13"
],
"signature_version": "v1",
"target": {
"function": "registerSignalHandlers",
"file": "statsd/src/main.cpp"
},
"signature_type": "Function",
"id": "PUB-A-256591441-e177e40f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/992c86cfa9b615e8e62426a5014a0b10501a37b0",
"deprecated": false,
"digest": {
"length": 826.0,
"function_hash": "151065701975192630090666588795524179466"
},
"signature_type": "Function",
"id": "PUB-A-256591441-e7c384e0",
"target": {
"function": "main",
"file": "statsd/src/main.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "Moderate",
"spl": "2023-03-01"
}