In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
CVE-2022-20338 - Low Severity Vulnerability
Android framework classes and services
Library home page: https://android.googlesource.com/platform/frameworks/base
Found in HEAD commit: 9ad726714925ef4343da532b952622b33bdc91be
Found in base branch: master
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
Publish Date: 2022-08-12
URL: CVE-2022-20338
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://android.googlesource.com/platform/frameworks/base/+/e082ece64fc7d8631048fbe0ff7f3125a65e123f
Release Date: 2022-08-12
Fix Resolution: android-13.0.0_r1
Step up your Open Source Security Game with Mend here