CVE-2023-21170

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Jun 30, 2023

CWE ID 125

Summary

CVE-2023-21170 is a vulnerability affecting the ComposerCommandEngine.h component in Android OS. The issue stems from a missing bounds check in the executeSetClientTarget function, which could result in an out-of-bounds read. This vulnerability holds the potential for local information disclosure and even system execution, without requiring user interaction. The affected product is Android, and versions 13 are specifically targeted.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg87M
https://www.cve.org/CVERecord?id=CVE-2023-21170
https://nvd.nist.gov/vuln/detail/CVE-2023-21170

Back to Vulnerability Database