Lucene search

GoogleOSV:ASB-A-240685104

HistoryNov 01, 2022 - 12:00 a.m.

Path traversal in MmsProvider#update leading to permanent DoS

2022-11-0100:00:00

Google

osv.dev

mmsprovider

directory permissions

denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.

References

android.googlesource.com/platform/packages/providers/TelephonyProvider/+/fc6557b9bf18d71b0f496f7302c47feeaa3fc5e2

source.android.com/security/bulletin/2022-11-01

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Related for OSV:ASB-A-240685104