Headline
CVE-2023-40121
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
)]}'
{
  "commit": "3287ac2d2565dc96bf6177967f8e3aed33954253",
  "tree": "832070d1a4d228a36bfcce5f0f3410555063e3ca",
  "parents": [
    "7212a4bec2d2f1a74fa54a12a04255d6a183baa9"
  ],
  "author": {
    "name": "Kunal Malhotra",
    "email": "[email protected]",
    "time": "Fri Jun 02 23:32:02 2023 +0000"
  },
  "committer": {
    "name": "Justin Dunlap",
    "email": "[email protected]",
    "time": "Fri Sep 01 12:58:52 2023 -0700"
  },
  "message": "Fixing DatabaseUtils to detect malformed UTF-16 strings\n\nTest: tested with POC in bug, also using atest\nBug: 224771621\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)\nMerged-In: Ide65205b83063801971c5778af3154bcf3f0e530\nChange-Id: Ide65205b83063801971c5778af3154bcf3f0e530\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6c8a8500e4e38c282491cefbf98e42b3a92e976a",
      "old_mode": 33188,
      "old_path": "core/java/android/database/DatabaseUtils.java",
      "new_id": "d41df4f49d48fd3d2bf7274644fc96e67352022b",
      "new_mode": 33188,
      "new_path": "core/java/android/database/DatabaseUtils.java"
    }
  ]
}