android_os_Parcel_readString8 assumes readString8 is null-terminated

2021-03-0100:00:00

Google

osv.dev

android os

parcel readstring8

bounds check

information disclosure

user interaction

EPSS

Percentile

5.1%

JSON

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/art/+/1358c9faa9766fd470ab2ba002a73479ccf54154

android.googlesource.com/platform/art/+/4b56bb8ce224408acfef7f2b2c2cee2abd938c9a

android.googlesource.com/platform/art/+/6444277041f41294d98adac4bb585183e56587f6

android.googlesource.com/platform/art/+/69fc841b8460943c2b2224f61585942cbc9f3f40

android.googlesource.com/platform/art/+/7dd48b90bd0968375cba8dffa2141cc9973329f9

android.googlesource.com/platform/art/+/8c6653177204bfd6ccf03e1b4b3b72d96e362628

android.googlesource.com/platform/art/+/d0b940349294a363e6d578adf58db8222c425669

android.googlesource.com/platform/art/+/ed4b3e0958d3de6a92d82abb9f81e49e84d5c673

android.googlesource.com/platform/frameworks/native/+/58f5cfa56d5282e69a7580dc4bb97603c409f003

android.googlesource.com/platform/frameworks/native/+/61d0f84881cfc1bbac513ccd156c56603a48cc90

android.googlesource.com/platform/system/tools/hidl/+/e8544d4fae9e8b7f1b31068c1bbd817c792315c7

android.googlesource.com/platform/system/tools/hidl/+/f9a784013d8b6d519e66c2bee6384ad8a713ac25

source.android.com/security/bulletin/2021-03-01

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-172655291