CVE-2023-48403

2023-12-0815:40:19

Google_Devices

www.cve.org

cve-2023-48403 remote information disclosure switch

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

37.9%

JSON

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android kernel",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/pixel/2023-12-01