In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "53919801425180326925880022299954910965", "41084984652913352252235059110035953599", "117198694445126225419768552499591519059", "310841440182783761631491462035056872936", "275969169184207519965447917923689487896", "148228664040594949976405220840456254062", "223484236778549619715047498372853515431", "212727300813294272073991136558766830669", "106734020722319132713276943636652145003", "12563010034041730063214558214832130977", "158605298921130373656085401856903635610", "304712495889103399796824084100047173705", "232661825159461533547739478446004062156", "29379320168401253849145444707556282372", "147652856935526935264223359555761245980", "216730683260515120472503840612373724727", "108129233034129259535863135705579550246", "148840682578805143956728380523294794062", "290277608450103359517056288740042075516", "49418042042563296236884803562436853101", "100709172581173274939906130023865666346", "117884230121521632714536214549292952937", "288895626335556090024917407302880897532", "130641697390818383245837180855469061023", "240544318486812662390108120855747929969", "176829741161037337402185425588070488858", "17423679981754078804450044061002657106" ] }, "id": "ASB-A-224771921-a2e16aca", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java" }, "signature_type": "Line" }, { "digest": { "length": 1843.0, "function_hash": "93133705529729769360229456639272130222" }, "id": "ASB-A-224771921-d280050a", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java", "function": "queryInternal" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940" ], "spl": "2022-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "53919801425180326925880022299954910965", "41084984652913352252235059110035953599", "117198694445126225419768552499591519059", "310841440182783761631491462035056872936", "148228664040594949976405220840456254062", "223484236778549619715047498372853515431", "212727300813294272073991136558766830669", "145291450032720118371994974066181749592", "106734020722319132713276943636652145003", "12563010034041730063214558214832130977", "158605298921130373656085401856903635610", "304712495889103399796824084100047173705", "232661825159461533547739478446004062156", "29379320168401253849145444707556282372", "318319657510725048878027519722401654232", "85594869355850975769571123571438072701", "181292463892748974626392882459449319571", "245451439533552774764489455306344259418", "221510784858669172849117074820395549837", "290277608450103359517056288740042075516", "49418042042563296236884803562436853101", "100709172581173274939906130023865666346", "117884230121521632714536214549292952937", "288895626335556090024917407302880897532", "130641697390818383245837180855469061023", "240544318486812662390108120855747929969", "176829741161037337402185425588070488858", "17423679981754078804450044061002657106" ] }, "id": "ASB-A-224771921-45922613", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java" }, "signature_type": "Line" }, { "digest": { "length": 1986.0, "function_hash": "50892577625933467961732409895582941822" }, "id": "ASB-A-224771921-588f7663", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java", "function": "queryInternal" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7" ], "spl": "2022-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "53919801425180326925880022299954910965", "41084984652913352252235059110035953599", "117198694445126225419768552499591519059", "157382823789119982665661079507840082676", "294041959579873537322225011829003035562", "44578029903154154491527394630474716531", "125460805014347687669288926647455137264", "215545335778065760900991917796475181766", "232661825159461533547739478446004062156", "29379320168401253849145444707556282372", "318319657510725048878027519722401654232", "85594869355850975769571123571438072701", "181292463892748974626392882459449319571", "245451439533552774764489455306344259418", "221510784858669172849117074820395549837", "290277608450103359517056288740042075516", "49418042042563296236884803562436853101", "100709172581173274939906130023865666346", "117884230121521632714536214549292952937", "288895626335556090024917407302880897532", "130641697390818383245837180855469061023", "240544318486812662390108120855747929969", "176829741161037337402185425588070488858", "17423679981754078804450044061002657106" ] }, "id": "ASB-A-224771921-8c7ea7bc", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java" }, "signature_type": "Line" }, { "digest": { "length": 1986.0, "function_hash": "50892577625933467961732409895582941822" }, "id": "ASB-A-224771921-f0bf1be6", "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/contacts/CallLogProvider.java", "function": "queryInternal" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75" ], "spl": "2022-10-01", "severity": "High", "types": [ "ID" ] }