mend-bolt-for-github[bot]
commented
11 months ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #348
Closed mend-bolt-for-github[bot] closed 11 months ago
mend-bolt-for-github[bot]
commented
11 months ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #348
mend-bolt-for-github[bot]
commented
11 months ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #348
CVE-2023-20922 - Medium Severity Vulnerability
Android framework classes and services
Library home page: https://android.googlesource.com/platform/frameworks/base
Found in HEAD commit: b9acb715fbb8de14e4f022a056adc01eed85977f
Found in base branch: main
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548
Publish Date: 2023-01-26
URL: CVE-2023-20922
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe
Release Date: 2022-11-04
Fix Resolution: android-13.0.0_r16
Step up your Open Source Security Game with Mend here