6.8

CVE-2022-32618

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version11.0
   MediatekMt6833 Version-
   MediatekMt6873 Version-
   MediatekMt6893 Version-
   MediatekMt8798 Version-
GoogleAndroid Version12.0
   MediatekMt6833 Version-
   MediatekMt6873 Version-
   MediatekMt6893 Version-
   MediatekMt8798 Version-
GoogleAndroid Version13.0
   MediatekMt6833 Version-
   MediatekMt6873 Version-
   MediatekMt6893 Version-
   MediatekMt8798 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.075
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.