9.8

CVE-2023-21287

In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version11.0 Update-
GoogleAndroid Version12.0 Update-
GoogleAndroid Version12.1 Update-
GoogleAndroid Version13.0 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.333
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://source.android.com/security/bulletin/2023-08-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6
Patch