ASB-A-224771921

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-224771921.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-224771921
Aliases
  • A-224771921
  • CVE-2022-20351
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:30:08.374249Z
Summary
SQL Injection in CallLogProvider#query via URI PathSegments
Details

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/providers/ContactsProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-10-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53919801425180326925880022299954910965",
                    "41084984652913352252235059110035953599",
                    "117198694445126225419768552499591519059",
                    "310841440182783761631491462035056872936",
                    "275969169184207519965447917923689487896",
                    "148228664040594949976405220840456254062",
                    "223484236778549619715047498372853515431",
                    "212727300813294272073991136558766830669",
                    "106734020722319132713276943636652145003",
                    "12563010034041730063214558214832130977",
                    "158605298921130373656085401856903635610",
                    "304712495889103399796824084100047173705",
                    "232661825159461533547739478446004062156",
                    "29379320168401253849145444707556282372",
                    "147652856935526935264223359555761245980",
                    "216730683260515120472503840612373724727",
                    "108129233034129259535863135705579550246",
                    "148840682578805143956728380523294794062",
                    "290277608450103359517056288740042075516",
                    "49418042042563296236884803562436853101",
                    "100709172581173274939906130023865666346",
                    "117884230121521632714536214549292952937",
                    "288895626335556090024917407302880897532",
                    "130641697390818383245837180855469061023",
                    "240544318486812662390108120855747929969",
                    "176829741161037337402185425588070488858",
                    "17423679981754078804450044061002657106"
                ]
            },
            "id": "ASB-A-224771921-a2e16aca",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1843.0,
                "function_hash": "93133705529729769360229456639272130222"
            },
            "id": "ASB-A-224771921-d280050a",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "queryInternal"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c8b6397d364c2741baf5d850bfdd1693782af940"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/providers/ContactsProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53919801425180326925880022299954910965",
                    "41084984652913352252235059110035953599",
                    "117198694445126225419768552499591519059",
                    "310841440182783761631491462035056872936",
                    "148228664040594949976405220840456254062",
                    "223484236778549619715047498372853515431",
                    "212727300813294272073991136558766830669",
                    "145291450032720118371994974066181749592",
                    "106734020722319132713276943636652145003",
                    "12563010034041730063214558214832130977",
                    "158605298921130373656085401856903635610",
                    "304712495889103399796824084100047173705",
                    "232661825159461533547739478446004062156",
                    "29379320168401253849145444707556282372",
                    "318319657510725048878027519722401654232",
                    "85594869355850975769571123571438072701",
                    "181292463892748974626392882459449319571",
                    "245451439533552774764489455306344259418",
                    "221510784858669172849117074820395549837",
                    "290277608450103359517056288740042075516",
                    "49418042042563296236884803562436853101",
                    "100709172581173274939906130023865666346",
                    "117884230121521632714536214549292952937",
                    "288895626335556090024917407302880897532",
                    "130641697390818383245837180855469061023",
                    "240544318486812662390108120855747929969",
                    "176829741161037337402185425588070488858",
                    "17423679981754078804450044061002657106"
                ]
            },
            "id": "ASB-A-224771921-45922613",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1986.0,
                "function_hash": "50892577625933467961732409895582941822"
            },
            "id": "ASB-A-224771921-588f7663",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "queryInternal"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/a3bdf569acd6cd39a5650019bb32ed8019e210b7"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/providers/ContactsProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53919801425180326925880022299954910965",
                    "41084984652913352252235059110035953599",
                    "117198694445126225419768552499591519059",
                    "157382823789119982665661079507840082676",
                    "294041959579873537322225011829003035562",
                    "44578029903154154491527394630474716531",
                    "125460805014347687669288926647455137264",
                    "215545335778065760900991917796475181766",
                    "232661825159461533547739478446004062156",
                    "29379320168401253849145444707556282372",
                    "318319657510725048878027519722401654232",
                    "85594869355850975769571123571438072701",
                    "181292463892748974626392882459449319571",
                    "245451439533552774764489455306344259418",
                    "221510784858669172849117074820395549837",
                    "290277608450103359517056288740042075516",
                    "49418042042563296236884803562436853101",
                    "100709172581173274939906130023865666346",
                    "117884230121521632714536214549292952937",
                    "288895626335556090024917407302880897532",
                    "130641697390818383245837180855469061023",
                    "240544318486812662390108120855747929969",
                    "176829741161037337402185425588070488858",
                    "17423679981754078804450044061002657106"
                ]
            },
            "id": "ASB-A-224771921-8c7ea7bc",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1986.0,
                "function_hash": "50892577625933467961732409895582941822"
            },
            "id": "ASB-A-224771921-f0bf1be6",
            "source": "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/contacts/CallLogProvider.java",
                "function": "queryInternal"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/890af6a4b1afa60be528abebc79cf61021f4ff75"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}