ASB-A-239210579

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-239210579.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-239210579
Aliases
  • A-239210579
  • CVE-2022-20472
Published
2022-12-01T00:00:00Z
Modified
2024-08-07T19:29:08.791751Z
Summary
locale_fuzzer: Tag-mismatch in _getVariant
Details

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/minikin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-12-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1060.0,
                "function_hash": "152948757818298646151844135874724150576"
            },
            "id": "ASB-A-239210579-be0859dd",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp",
                "function": "toLanguageTag"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "311606954623645014405006219303463805465",
                    "241199747390157345748406894549090239946",
                    "285900964479397606537853783197812129489",
                    "197897737091753768722222239047080504598",
                    "71759189750102407818191791820821522474",
                    "157532236812911576354397536908371080903",
                    "292516064325142511290277124646580853728",
                    "100923073751965899328259216077403220810"
                ]
            },
            "id": "ASB-A-239210579-c3e08b40",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03"
    ],
    "spl": "2022-12-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/minikin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "311606954623645014405006219303463805465",
                    "241199747390157345748406894549090239946",
                    "285900964479397606537853783197812129489",
                    "197897737091753768722222239047080504598",
                    "71759189750102407818191791820821522474",
                    "157532236812911576354397536908371080903",
                    "292516064325142511290277124646580853728",
                    "100923073751965899328259216077403220810"
                ]
            },
            "id": "ASB-A-239210579-5e49c3b5",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1148.0,
                "function_hash": "44544224249926763090065890534562730262"
            },
            "id": "ASB-A-239210579-9604c377",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp",
                "function": "toLanguageTag"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35"
    ],
    "spl": "2022-12-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/minikin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "311606954623645014405006219303463805465",
                    "241199747390157345748406894549090239946",
                    "285900964479397606537853783197812129489",
                    "197897737091753768722222239047080504598",
                    "71759189750102407818191791820821522474",
                    "157532236812911576354397536908371080903",
                    "292516064325142511290277124646580853728",
                    "100923073751965899328259216077403220810"
                ]
            },
            "id": "ASB-A-239210579-28e85dc8",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1148.0,
                "function_hash": "44544224249926763090065890534562730262"
            },
            "id": "ASB-A-239210579-72f10ff2",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp",
                "function": "toLanguageTag"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81"
    ],
    "spl": "2022-12-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/minikin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1148.0,
                "function_hash": "44544224249926763090065890534562730262"
            },
            "id": "ASB-A-239210579-5f962a9b",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp",
                "function": "toLanguageTag"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "311606954623645014405006219303463805465",
                    "241199747390157345748406894549090239946",
                    "285900964479397606537853783197812129489",
                    "197897737091753768722222239047080504598",
                    "71759189750102407818191791820821522474",
                    "157532236812911576354397536908371080903",
                    "292516064325142511290277124646580853728",
                    "100923073751965899328259216077403220810"
                ]
            },
            "id": "ASB-A-239210579-a1d5b13c",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24"
    ],
    "spl": "2022-12-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/minikin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "311606954623645014405006219303463805465",
                    "241199747390157345748406894549090239946",
                    "285900964479397606537853783197812129489",
                    "197897737091753768722222239047080504598",
                    "71759189750102407818191791820821522474",
                    "157532236812911576354397536908371080903",
                    "292516064325142511290277124646580853728",
                    "100923073751965899328259216077403220810"
                ]
            },
            "id": "ASB-A-239210579-248e174e",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1148.0,
                "function_hash": "44544224249926763090065890534562730262"
            },
            "id": "ASB-A-239210579-e3bb318f",
            "source": "https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "libs/minikin/LocaleListCache.cpp",
                "function": "toLanguageTag"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676"
    ],
    "spl": "2022-12-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}