Lucene search

[email protected]NVD:CVE-2023-21059

HistoryMar 24, 2023 - 8:15 p.m.

CVE-2023-21059

2023-03-2420:15:14

CWE-125

[email protected]

web.nvd.nist.gov

eutran

lpp_lcsmanagement

out of bounds read

remote information disclosure

android kernel

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

36.5%

JSON

In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A

Affected configurations

Nvd

Node

googleandroidMatch-

VendorProductVersionCPE
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	-	cpe:2.3:o:google:android:-:::::::*

References

source.android.com/security/bulletin/pixel/2023-03-01

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

36.5%

JSON

Related for NVD:CVE-2023-21059

prion1 cvelist1 cve1