Lucene search

[email protected]CVE-2024-20055

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20055

2024-04-0103:15:08

web.nvd.nist.gov

imgsys information-disclosure missing-bounds-check local-information-disclosure system-execution-privileges user-interaction needed-exploitation patch-id alps08518692 issue-id msv-1012 nvd

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

mediatekmt2713

mediatekmt8168

mediatekmt8173

mediatekmt8175

mediatekmt8188

mediatekmt8195

mediatekmt8365

mediatekawus036nh

mediatekmt8390

mediatekmt8395

mediatekmt8673

mediatekmt8696

mediatekmt8781

mediatekmt8795t

mediatekmt8798

mediatekmt8871

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2713*cpe:2.3:h:mediatek:mt2713:*:*:*:*:*:*:*:*
mediatekmt8168*cpe:2.3:h:mediatek:mt8168:*:*:*:*:*:*:*:*
mediatekmt8173*cpe:2.3:h:mediatek:mt8173:*:*:*:*:*:*:*:*
mediatekmt8175*cpe:2.3:h:mediatek:mt8175:*:*:*:*:*:*:*:*
mediatekmt8188*cpe:2.3:h:mediatek:mt8188:*:*:*:*:*:*:*:*
mediatekmt8195*cpe:2.3:h:mediatek:mt8195:*:*:*:*:*:*:*:*
mediatekmt8365*cpe:2.3:h:mediatek:mt8365:*:*:*:*:*:*:*:*
mediatekawus036nh*cpe:2.3:h:mediatek:awus036nh:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2713	*	cpe:2.3:h:mediatek:mt2713::::::::
mediatek	mt8168	*	cpe:2.3:h:mediatek:mt8168::::::::
mediatek	mt8173	*	cpe:2.3:h:mediatek:mt8173::::::::
mediatek	mt8175	*	cpe:2.3:h:mediatek:mt8175::::::::
mediatek	mt8188	*	cpe:2.3:h:mediatek:mt8188::::::::
mediatek	mt8195	*	cpe:2.3:h:mediatek:mt8195::::::::
mediatek	mt8365	*	cpe:2.3:h:mediatek:mt8365::::::::
mediatek	awus036nh	*	cpe:2.3:h:mediatek:awus036nh::::::::

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT8168, MT8173, MT8175, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8673, MT8696, MT8781, MT8795T, MT8798, MT8871",
    "versions": [
      {
        "version": "Android 12.0, 13.0 / Yocto 4.0 / IOT-v23.2",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024