13.0

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

google

CWE-131

NVD

Published: 2023-08-07

Updated: 2023-08-09

Summary

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 12.0 Google Android 13.0	2
Hardware	Mediatek Mediatek Mt2713 - Mediatek Mt6855 - Mediatek Mt6879 - Mediatek Mt6886 - Mediatek Mt6895 - Mediatek Mt6983 - Mediatek Mt6985 - Mediatek Mt8188 - Mediatek Mt8195 - Mediatek Mt8395 - Mediatek Mt8673 -	11

Common Weakness Enumeration (CWE)

CWE-131 - Incorrect Calculation of Buffer Size

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

References

https://corp.mediatek.com/product-security-bulletin/August-2023