ASB-A-330054251

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-330054251.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-330054251
Aliases
  • A-330054251
  • CVE-2024-31311
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:29:40.757381Z
Summary
statsevent_fuzzer: Heap-buffer-overflow in AStatsEvent_addBoolAnnotation
Details

In incrementannotationcount of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-302264be",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-c744808b",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c",
                "function": "increment_annotation_count"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-93232e0a",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c",
                "function": "increment_annotation_count"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-f9eee20e",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-08dfc1af",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c",
                "function": "increment_annotation_count"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-32789bf8",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "40818449407841122966676705733223152827",
                    "275547101538307787913205473237144764838",
                    "240572379499218011316952381048467884487",
                    "297955085587280879483905699524165595939"
                ]
            },
            "id": "ASB-A-330054251-6fdf7709",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "188177099814377904508818737966482960063"
            },
            "id": "ASB-A-330054251-b4122673",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/libstatssocket/stats_event.c",
                "function": "increment_annotation_count"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}