Details of VAR-202401-1280

ID

VAR-202401-1280

CVE

CVE-2023-32891

TITLE

Google of Android Out-of-bounds write vulnerability in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2023-024181

DESCRIPTION

In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. Google of Android Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-32891 // JVNDB: JVNDB-2023-024181

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	mediatek	model:	lr13	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	13.0	Trust: 1.0
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	lr13	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-024181 // NVD: CVE-2023-32891

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32891
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-32891
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-32891
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-32891
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-024181 // NVD: CVE-2023-32891

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-024181 // NVD: CVE-2023-32891

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32891	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-024181	Trust: 0.8

sources: JVNDB: JVNDB-2023-024181 // NVD: CVE-2023-32891

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/january-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32891	Trust: 0.8

sources: JVNDB: JVNDB-2023-024181 // NVD: CVE-2023-32891

SOURCES

db:	JVNDB	id:	JVNDB-2023-024181
db:	NVD	id:	CVE-2023-32891

LAST UPDATE DATE

2024-08-14T14:54:18.608000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-024181	date:	2024-01-31T01:17:00
db:	NVD	id:	CVE-2023-32891	date:	2024-01-05T12:13:46.007

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-024181	date:	2024-01-31T00:00:00
db:	NVD	id:	CVE-2023-32891	date:	2024-01-02T03:15:08.633