Lucene search

GoogleOSV:ASB-A-231986464

HistoryOct 01, 2022 - 12:00 a.m.

[Out of Bounds Read in pickStartSeq Function in AAVCAssembler.cpp in libstagefright_rtsp]

2022-10-0100:00:00

Google

osv.dev

aavcassembler

libstagefright_rtsp

out of bounds read

remote information disclosure

missing bounds check

exploitation

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/frameworks/av/+/91fddd9386c2e50e6fed87af2bed8b33da058a24

source.android.com/security/bulletin/2022-10-01

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

Related for OSV:ASB-A-231986464