ASB-A-205570663

Import Source
https://storage.googleapis.com/android-osv/ASB-A-205570663.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-205570663
Aliases
  • A-205570663
  • CVE-2022-20410
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:30:16.081945Z
Summary
[Crafted AVRCP Response Causes Out-of-bounds Read in Bluetooth]
Details

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-10-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53851562581457439053319150279614511705",
                    "28371810934832898202729681298911626759",
                    "1038927059233479462940346190604856113"
                ]
            },
            "id": "ASB-A-205570663-5091fa9b",
            "source": "https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/test/stack_avrcp_test.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 7320.0,
                "function_hash": "92219160472489548622221663059819042208"
            },
            "id": "ASB-A-205570663-813159a3",
            "source": "https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_pars_browse_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 9897.0,
                "function_hash": "292198416997601795162240660694263142047"
            },
            "id": "ASB-A-205570663-b881c95f",
            "source": "https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_ctrl_pars_vendor_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63583063595761140445482535452589672429",
                    "68410126764287957455050860694611700816",
                    "259940881132413122271356701085610463946",
                    "256589493414692726532016141215428481876",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "201856332268137352919152824968009853259",
                    "89865430647722801759415086903173574258",
                    "316722222297529422587946003080859842411",
                    "133836755153463298081038162834729496614",
                    "7669396494182478580668665439355794079",
                    "36341816297097638823385752921161426396",
                    "268282454438475565898807743029970304883",
                    "239866384995723808097547875075006491138",
                    "51381993229652904914554255928572124248",
                    "112727163075927763606166442381030959436",
                    "301463966112709557639663298463362444321",
                    "107852372975393639626537855372490326713"
                ]
            },
            "id": "ASB-A-205570663-f8ae376b",
            "source": "https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 9902.0,
                "function_hash": "212237906486955620618367297289880682168"
            },
            "id": "ASB-A-205570663-05723f9e",
            "source": "https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_ctrl_pars_vendor_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63583063595761140445482535452589672429",
                    "68410126764287957455050860694611700816",
                    "259940881132413122271356701085610463946",
                    "256589493414692726532016141215428481876",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "201856332268137352919152824968009853259",
                    "89865430647722801759415086903173574258",
                    "316722222297529422587946003080859842411",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "59531908524829764323093178824293519953",
                    "89865430647722801759415086903173574258",
                    "74044567333134222198116207824982572185",
                    "133836755153463298081038162834729496614",
                    "7669396494182478580668665439355794079",
                    "36341816297097638823385752921161426396",
                    "268282454438475565898807743029970304883",
                    "239866384995723808097547875075006491138",
                    "51381993229652904914554255928572124248",
                    "112727163075927763606166442381030959436",
                    "301463966112709557639663298463362444321",
                    "107852372975393639626537855372490326713"
                ]
            },
            "id": "ASB-A-205570663-29a3abcc",
            "source": "https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53851562581457439053319150279614511705",
                    "28371810934832898202729681298911626759",
                    "1038927059233479462940346190604856113"
                ]
            },
            "id": "ASB-A-205570663-36345f6f",
            "source": "https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/test/stack_avrcp_test.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 8324.0,
                "function_hash": "133510049867979634507106659682574747103"
            },
            "id": "ASB-A-205570663-3ae3978f",
            "source": "https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_pars_browse_rsp"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/bt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 8324.0,
                "function_hash": "133510049867979634507106659682574747103"
            },
            "id": "ASB-A-205570663-07b48cdd",
            "source": "https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_pars_browse_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 9902.0,
                "function_hash": "212237906486955620618367297289880682168"
            },
            "id": "ASB-A-205570663-4a742b84",
            "source": "https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_ctrl_pars_vendor_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63583063595761140445482535452589672429",
                    "68410126764287957455050860694611700816",
                    "259940881132413122271356701085610463946",
                    "256589493414692726532016141215428481876",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "201856332268137352919152824968009853259",
                    "89865430647722801759415086903173574258",
                    "316722222297529422587946003080859842411",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "59531908524829764323093178824293519953",
                    "89865430647722801759415086903173574258",
                    "74044567333134222198116207824982572185",
                    "133836755153463298081038162834729496614",
                    "7669396494182478580668665439355794079",
                    "36341816297097638823385752921161426396",
                    "268282454438475565898807743029970304883",
                    "239866384995723808097547875075006491138",
                    "51381993229652904914554255928572124248",
                    "112727163075927763606166442381030959436",
                    "301463966112709557639663298463362444321",
                    "107852372975393639626537855372490326713"
                ]
            },
            "id": "ASB-A-205570663-80d2d33d",
            "source": "https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/avrc/avrc_pars_ct.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53851562581457439053319150279614511705",
                    "28371810934832898202729681298911626759",
                    "1038927059233479462940346190604856113"
                ]
            },
            "id": "ASB-A-205570663-d2cdfb3c",
            "source": "https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "stack/test/stack_avrcp_test.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/Bluetooth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63583063595761140445482535452589672429",
                    "68410126764287957455050860694611700816",
                    "259940881132413122271356701085610463946",
                    "256589493414692726532016141215428481876",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "201856332268137352919152824968009853259",
                    "89865430647722801759415086903173574258",
                    "316722222297529422587946003080859842411",
                    "191780761388653028100331694163962438138",
                    "227368121575231130679150458873269756327",
                    "284618433328015474291936650139298165875",
                    "59531908524829764323093178824293519953",
                    "89865430647722801759415086903173574258",
                    "74044567333134222198116207824982572185",
                    "133836755153463298081038162834729496614",
                    "7669396494182478580668665439355794079",
                    "36341816297097638823385752921161426396",
                    "268282454438475565898807743029970304883",
                    "239866384995723808097547875075006491138",
                    "51381993229652904914554255928572124248",
                    "112727163075927763606166442381030959436",
                    "301463966112709557639663298463362444321",
                    "107852372975393639626537855372490326713"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc",
            "deprecated": false,
            "id": "ASB-A-205570663-2e57a38f",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/avrc/avrc_pars_ct.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 9902.0,
                "function_hash": "212237906486955620618367297289880682168"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc",
            "deprecated": false,
            "id": "ASB-A-205570663-6381efcb",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_ctrl_pars_vendor_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 8324.0,
                "function_hash": "133510049867979634507106659682574747103"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc",
            "deprecated": false,
            "id": "ASB-A-205570663-8a24dd48",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/avrc/avrc_pars_ct.cc",
                "function": "avrc_pars_browse_rsp"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53851562581457439053319150279614511705",
                    "28371810934832898202729681298911626759",
                    "1038927059233479462940346190604856113"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc",
            "deprecated": false,
            "id": "ASB-A-205570663-b93a306f",
            "signature_version": "v1",
            "target": {
                "file": "system/stack/test/stack_avrcp_test.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}