ASB-A-231986464

Import Source: https://storage.googleapis.com/android-osv/ASB-A-231986464.json
JSON Data: https://api.osv.dev/v1/vulns/ASB-A-231986464
Aliases:
  • A-231986464
  • CVE-2022-20418
Published: 2022-10-01T00:00:00Z
Modified: 2024-08-07T19:29:53.112747Z
Summary
[Out of Bounds Read in pickStartSeq Function in AAVCAssembler.cpp in libstagefright_rtsp]
Details

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 12:0
  Fixed: 12:2022-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 612.0,
                "function_hash": "186318213500322858317030057075640806937"
            },
            "id": "ASB-A-231986464-3da4bc20",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp",
                "function": "AAVCAssembler::pickStartSeq"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-231986464-b8ee4d4d",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 12L:0
  Fixed: 12L:2022-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-231986464-56628402",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 612.0,
                "function_hash": "186318213500322858317030057075640806937"
            },
            "id": "ASB-A-231986464-f839752f",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp",
                "function": "AAVCAssembler::pickStartSeq"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 13:0
  Fixed: 13:2022-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-231986464-0a3b019d",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 612.0,
                "function_hash": "186318213500322858317030057075640806937"
            },
            "id": "ASB-A-231986464-12631e04",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/rtsp/AAVCAssembler.cpp",
                "function": "AAVCAssembler::pickStartSeq"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2ebfe99b3a31aad82f8a186b136037509714d874"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}