
CVE-2023-40121

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "3287ac2d2565dc96bf6177967f8e3aed33954253",
  "tree": "832070d1a4d228a36bfcce5f0f3410555063e3ca",
  "parents": [
    "7212a4bec2d2f1a74fa54a12a04255d6a183baa9"
  ],
  "author": {
    "name": "Kunal Malhotra",
    "email": "[email protected]",
    "time": "Fri Jun 02 23:32:02 2023 +0000"
  },
  "committer": {
    "name": "Justin Dunlap",
    "email": "[email protected]",
    "time": "Fri Sep 01 12:58:52 2023 -0700"
  },
  "message": "Fixing DatabaseUtils to detect malformed UTF-16 strings\n\nTest: tested with POC in bug, also using atest\nBug: 224771621\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)\nMerged-In: Ide65205b83063801971c5778af3154bcf3f0e530\nChange-Id: Ide65205b83063801971c5778af3154bcf3f0e530\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6c8a8500e4e38c282491cefbf98e42b3a92e976a",
      "old_mode": 33188,
      "old_path": "core/java/android/database/DatabaseUtils.java",
      "new_id": "d41df4f49d48fd3d2bf7274644fc96e67352022b",
      "new_mode": 33188,
      "new_path": "core/java/android/database/DatabaseUtils.java"
    }
  ]
}
