ASB-A-174488848

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-174488848.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-174488848
Aliases
  • A-174488848
  • CVE-2021-0427
Published
2021-04-01T00:00:00Z
Modified
2024-08-07T19:30:03.578498Z
Summary
[[statsd] out-of-bounds write in statsd when processing ExclusiveStateFieldIndex]
Details

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-04-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 360.0,
                "function_hash": "188024527720341225668169443149594420673"
            },
            "id": "ASB-A-174488848-1b169a3f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/logd/LogEvent.cpp",
                "function": "LogEvent::parseIsUidAnnotation"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "175558666796953796107220613602050330302"
            },
            "id": "ASB-A-174488848-407af62f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/logd/LogEvent.cpp",
                "function": "LogEvent::parsePrimaryFieldFirstUidAnnotation"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 728.0,
                "function_hash": "27933596714342811403091895685666575677"
            },
            "id": "ASB-A-174488848-55386cee",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/logd/LogEvent.cpp",
                "function": "LogEvent::parseAttributionChain"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "45749945900986651682789447668107471330",
                    "28869259496116186635508926806468558931",
                    "160834301108951043881162725229594969326",
                    "18874651716543263524434139933451271809",
                    "203918327907375847094678183796057978731",
                    "329971401263944470619549188024000808606",
                    "55934563699274621057207141966045347719",
                    "207866826045089815824017946649784574558",
                    "110556709531097063407242079472807619929",
                    "277499338303590650957135787045604223637",
                    "146807033573007738003213150918496229092",
                    "156380502050762537571943980764666516149",
                    "280594966967257434157700784230914616702",
                    "308198527780794404026347645098229454075",
                    "73417190750867575356364092400627357371",
                    "86096920714566775930946761854421095523",
                    "248627709479850686139320298113134961657",
                    "265510423570908768279337265549062139462",
                    "199349127725739113474365462728514023771",
                    "204757152196314333857303319276180467059",
                    "229686488660786311839501590523233361937"
                ]
            },
            "id": "ASB-A-174488848-6fe2a9fc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/logd/LogEvent.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "47235136532193763404419238827143392553",
                    "53250033784873243882588688827608939735",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-174488848-96e690e7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/tests/LogEvent_test.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 365.0,
                "function_hash": "26104577300647160386060994418956620013"
            },
            "id": "ASB-A-174488848-c3ee23f3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/logd/LogEvent.cpp",
                "function": "LogEvent::parseExclusiveStateAnnotation"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d"
    ],
    "spl": "2021-04-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}