OSV-2023-849 Stack-buffer-overflow in ulocimp_toLanguageTag_74

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62348 Crash type: Stack-buffer-overflow WRITE 1 Crash state: ulocimptoLanguageTag74 icu74::Locale::toLanguageTag localemorphfuzzer.cpp...

CVE-2022-20473

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

CVE-2022-20472

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

Google Pixel 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-range read in the toLanguageTag of LocaleListCache.cpp. An attacker could exploit this vulnerability to execute arbitrary code on th...