PUB-A-262741858

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-262741858.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-262741858
Aliases
  • A-262741858
  • CVE-2023-21173
Published
2023-06-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "32569975141686479981003098960280478356",
                    "173127936186801694195578711140485522282",
                    "97090324050850964667667642118603124579",
                    "174389673978059839694261603135996925531",
                    "233102936650294469795631145664821824925",
                    "221103839380331961422545687406576898947",
                    "230292310052077115710237894845570001739",
                    "118739222446852367311009387548311386765",
                    "278333887146769260561566951056405409100",
                    "153751349014364299696892701890372424824",
                    "112083166659703119651072135480952851833",
                    "323311542422114565825366049405899249337",
                    "315772537612822080025407691066257486907",
                    "317299657746041441650624568340216412263",
                    "112542688482582407366777557322775717439"
                ]
            },
            "id": "PUB-A-262741858-093275b1",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6e79778d3c554afa5b1586bceafdc2371a43f0d2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/datausage/DataUsageList.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "length": 547.0,
                "function_hash": "34249184479794743587955506957943658487"
            },
            "id": "PUB-A-262741858-8251f28b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6e79778d3c554afa5b1586bceafdc2371a43f0d2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/datausage/DataUsageList.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "length": 109.0,
                "function_hash": "5939660192206848247674928364732144859"
            },
            "id": "PUB-A-262741858-ed37da89",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6e79778d3c554afa5b1586bceafdc2371a43f0d2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/datausage/DataUsageList.java",
                "function": "onDestroy"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/6e79778d3c554afa5b1586bceafdc2371a43f0d2"
    ],
    "spl": "2023-06-01",
    "severity": "Moderate",
    "types": [
        "ID"
    ]
}