Lucene search

GoogleOSV:ASB-A-171966843

HistoryMay 01, 2023 - 12:00 a.m.

Logical bug regarding android.net.Uri

2023-05-0100:00:00

Google

osv.dev

android

uri

input validation

privilege escalation

local

exploitation

software

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

5.1%

JSON

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/frameworks/base/+/e082ece64fc7d8631048fbe0ff7f3125a65e123f

source.android.com/security/bulletin/2023-05-01

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-171966843