{"id":"ASB-A-205570663", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20410", "A-205570663"], "details":"In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["53851562581457439053319150279614511705", "28371810934832898202729681298911626759", "1038927059233479462940346190604856113"], "threshold":0.9}, "id":"ASB-A-205570663-5091fa9b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece", "target":{"file":"stack/test/stack_avrcp_test.cc"}}, {"deprecated":false, "digest":{"function_hash":"92219160472489548622221663059819042208", "length":7320}, "id":"ASB-A-205570663-813159a3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_pars_browse_rsp"}}, {"deprecated":false, "digest":{"function_hash":"292198416997601795162240660694263142047", "length":9897}, "id":"ASB-A-205570663-b881c95f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_ctrl_pars_vendor_rsp"}}, {"deprecated":false, "digest":{"line_hashes":["63583063595761140445482535452589672429", "68410126764287957455050860694611700816", "259940881132413122271356701085610463946", "256589493414692726532016141215428481876", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "201856332268137352919152824968009853259", "89865430647722801759415086903173574258", "316722222297529422587946003080859842411", "133836755153463298081038162834729496614", "7669396494182478580668665439355794079", "36341816297097638823385752921161426396", "268282454438475565898807743029970304883", "239866384995723808097547875075006491138", "51381993229652904914554255928572124248", "112727163075927763606166442381030959436", "301463966112709557639663298463362444321", "107852372975393639626537855372490326713"], "threshold":0.9}, "id":"ASB-A-205570663-f8ae376b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":true, "digest":{"function_hash":"212237906486955620618367297289880682168", "length":9902}, "id":"ASB-A-205570663-05723f9e", "match_only_versions":["11"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_ctrl_pars_vendor_rsp"}}, {"deprecated":true, "digest":{"line_hashes":["63583063595761140445482535452589672429", "68410126764287957455050860694611700816", "259940881132413122271356701085610463946", "256589493414692726532016141215428481876", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "201856332268137352919152824968009853259", "89865430647722801759415086903173574258", "316722222297529422587946003080859842411", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "59531908524829764323093178824293519953", "89865430647722801759415086903173574258", "74044567333134222198116207824982572185", "133836755153463298081038162834729496614", "7669396494182478580668665439355794079", "36341816297097638823385752921161426396", "268282454438475565898807743029970304883", "239866384995723808097547875075006491138", "51381993229652904914554255928572124248", "112727163075927763606166442381030959436", "301463966112709557639663298463362444321", "107852372975393639626537855372490326713"], "threshold":0.9}, "id":"ASB-A-205570663-29a3abcc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":true, "digest":{"line_hashes":["53851562581457439053319150279614511705", "28371810934832898202729681298911626759", "1038927059233479462940346190604856113"], "threshold":0.9}, "id":"ASB-A-205570663-36345f6f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4", "target":{"file":"stack/test/stack_avrcp_test.cc"}}, {"deprecated":true, "digest":{"function_hash":"133510049867979634507106659682574747103", "length":8324}, "id":"ASB-A-205570663-3ae3978f", "match_only_versions":["11"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_pars_browse_rsp"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":true, "digest":{"function_hash":"133510049867979634507106659682574747103", "length":8324}, "id":"ASB-A-205570663-07b48cdd", "match_only_versions":["12"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_pars_browse_rsp"}}, {"deprecated":true, "digest":{"function_hash":"212237906486955620618367297289880682168", "length":9902}, "id":"ASB-A-205570663-4a742b84", "match_only_versions":["12"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a", "target":{"file":"stack/avrc/avrc_pars_ct.cc", "function":"avrc_ctrl_pars_vendor_rsp"}}, {"deprecated":true, "digest":{"line_hashes":["63583063595761140445482535452589672429", "68410126764287957455050860694611700816", "259940881132413122271356701085610463946", "256589493414692726532016141215428481876", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "201856332268137352919152824968009853259", "89865430647722801759415086903173574258", "316722222297529422587946003080859842411", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "59531908524829764323093178824293519953", "89865430647722801759415086903173574258", "74044567333134222198116207824982572185", "133836755153463298081038162834729496614", "7669396494182478580668665439355794079", "36341816297097638823385752921161426396", "268282454438475565898807743029970304883", "239866384995723808097547875075006491138", "51381993229652904914554255928572124248", "112727163075927763606166442381030959436", "301463966112709557639663298463362444321", "107852372975393639626537855372490326713"], "threshold":0.9}, "id":"ASB-A-205570663-80d2d33d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":true, "digest":{"line_hashes":["53851562581457439053319150279614511705", "28371810934832898202729681298911626759", "1038927059233479462940346190604856113"], "threshold":0.9}, "id":"ASB-A-205570663-d2cdfb3c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a", "target":{"file":"stack/test/stack_avrcp_test.cc"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["63583063595761140445482535452589672429", "68410126764287957455050860694611700816", "259940881132413122271356701085610463946", "256589493414692726532016141215428481876", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "201856332268137352919152824968009853259", "89865430647722801759415086903173574258", "316722222297529422587946003080859842411", "191780761388653028100331694163962438138", "227368121575231130679150458873269756327", "284618433328015474291936650139298165875", "59531908524829764323093178824293519953", "89865430647722801759415086903173574258", "74044567333134222198116207824982572185", "133836755153463298081038162834729496614", "7669396494182478580668665439355794079", "36341816297097638823385752921161426396", "268282454438475565898807743029970304883", "239866384995723808097547875075006491138", "51381993229652904914554255928572124248", "112727163075927763606166442381030959436", "301463966112709557639663298463362444321", "107852372975393639626537855372490326713"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-205570663-2e57a38f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc", "target":{"file":"system/stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":true, "digest":{"function_hash":"212237906486955620618367297289880682168", "length":9902}, "exact_target_file_match_only":true, "id":"ASB-A-205570663-6381efcb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc", "target":{"file":"system/stack/avrc/avrc_pars_ct.cc", "function":"avrc_ctrl_pars_vendor_rsp"}}, {"deprecated":true, "digest":{"function_hash":"133510049867979634507106659682574747103", "length":8324}, "exact_target_file_match_only":true, "id":"ASB-A-205570663-8a24dd48", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc", "target":{"file":"system/stack/avrc/avrc_pars_ct.cc", "function":"avrc_pars_browse_rsp"}}, {"deprecated":true, "digest":{"line_hashes":["53851562581457439053319150279614511705", "28371810934832898202729681298911626759", "1038927059233479462940346190604856113"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-205570663-b93a306f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc", "target":{"file":"system/stack/test/stack_avrcp_test.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/089b7e344fc6b8a342278ec82ea31b74c1532d86"}]}