{"id":"ASB-A-171966843", "published":"2023-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20338", "A-171966843"], "details":"In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-05-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["217293375901536488373202122972823323969", "64913045587930263071620006027114995635", "133802527225369483754931688542697427099", "160009536855085451358753916392621805401", "108665550764986394327745700644898793881", "238342223150607425782371454756028319372", "285677272714058008081533384476939390622", "213183156118135730613894113137757047267", "191618998247855941167627426111353121754", "229221336185881681659960120095347110956", "214877076543316569988414134525175557655", "300917551157252855785981741901753753877", "62817408602554622937841706145635928073"], "threshold":0.9}, "id":"ASB-A-171966843-9057e044", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1", "target":{"file":"core/java/android/net/Uri.java"}}, {"deprecated":false, "digest":{"function_hash":"40263653748956335830809431209081902639", "length":197}, "id":"ASB-A-171966843-e47c4ece", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1", "target":{"file":"core/java/android/net/Uri.java", "function":"readFrom"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["217293375901536488373202122972823323969", "64913045587930263071620006027114995635", "133802527225369483754931688542697427099", "160009536855085451358753916392621805401", "108665550764986394327745700644898793881", "238342223150607425782371454756028319372", "285677272714058008081533384476939390622", "213183156118135730613894113137757047267", "191618998247855941167627426111353121754", "229221336185881681659960120095347110956", "214877076543316569988414134525175557655", "119157369104391389495237517514297622080", "210632989439468116936103427892354174345"], "threshold":0.9}, "id":"ASB-A-171966843-8faec97e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50", "target":{"file":"core/java/android/net/Uri.java"}}, {"deprecated":false, "digest":{"function_hash":"40263653748956335830809431209081902639", "length":197}, "id":"ASB-A-171966843-b680b350", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50", "target":{"file":"core/java/android/net/Uri.java", "function":"readFrom"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"40263653748956335830809431209081902639", "length":197}, "id":"ASB-A-171966843-650176e1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5", "target":{"file":"core/java/android/net/Uri.java", "function":"readFrom"}}, {"deprecated":false, "digest":{"line_hashes":["217293375901536488373202122972823323969", "64913045587930263071620006027114995635", "133802527225369483754931688542697427099", "160009536855085451358753916392621805401", "108665550764986394327745700644898793881", "238342223150607425782371454756028319372", "285677272714058008081533384476939390622", "213183156118135730613894113137757047267", "191618998247855941167627426111353121754", "229221336185881681659960120095347110956", "214877076543316569988414134525175557655", "300917551157252855785981741901753753877", "62817408602554622937841706145635928073"], "threshold":0.9}, "id":"ASB-A-171966843-e4869c7c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5", "target":{"file":"core/java/android/net/Uri.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-05-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"40263653748956335830809431209081902639", "length":197}, "id":"ASB-A-171966843-9c48c1b9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626", "target":{"file":"core/java/android/net/Uri.java", "function":"readFrom"}}, {"deprecated":false, "digest":{"line_hashes":["217293375901536488373202122972823323969", "64913045587930263071620006027114995635", "133802527225369483754931688542697427099", "160009536855085451358753916392621805401", "108665550764986394327745700644898793881", "238342223150607425782371454756028319372", "285677272714058008081533384476939390622", "213183156118135730613894113137757047267", "191618998247855941167627426111353121754", "229221336185881681659960120095347110956", "214877076543316569988414134525175557655", "300917551157252855785981741901753753877", "62817408602554622937841706145635928073"], "threshold":0.9}, "id":"ASB-A-171966843-cf0e9b9e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626", "target":{"file":"core/java/android/net/Uri.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e082ece64fc7d8631048fbe0ff7f3125a65e123f"}]}