{"id":"ASB-A-224771621", "published":"2023-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-40121", "A-224771621"], "details":"In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-10-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["91430442698769588082946095537832694273", "20026852134819942257321237996885029255", "40202397281895256590539654412865972135", "50951509129200039129727141957125128952", "119153895310442971121653871419161057127", "233941376171148845727814306014660242510", "328591897088368036931992023040705824379", "331022390354213500580369461296128589367", "99802358205671677310842177324450502666", "187295020737331672904278640354158062270", "248156025000407165605799185144903196744", "179301388443848148578845235787293899387", "107870144222067608556514995861480788614", "231700832369868250746759799492792043918"], "threshold":0.9}, "id":"ASB-A-224771621-1b43d100", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad", "target":{"file":"core/java/android/database/DatabaseUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"43765961898805927503019869372948122505", "length":391}, "id":"ASB-A-224771621-7e8b21d9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e371afb3000c499e0781168ec881a47eab93bad", "target":{"file":"core/java/android/database/DatabaseUtils.java", "function":"appendEscapedSQLString"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["91430442698769588082946095537832694273", "20026852134819942257321237996885029255", "40202397281895256590539654412865972135", "50951509129200039129727141957125128952", "119153895310442971121653871419161057127", "233941376171148845727814306014660242510", "328591897088368036931992023040705824379", "331022390354213500580369461296128589367", "99802358205671677310842177324450502666", "187295020737331672904278640354158062270", "248156025000407165605799185144903196744", "179301388443848148578845235787293899387", "107870144222067608556514995861480788614", "231700832369868250746759799492792043918"], "threshold":0.9}, "id":"ASB-A-224771621-08e678a4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"43765961898805927503019869372948122505", "length":391}, "id":"ASB-A-224771621-1f3d7e7f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java", "function":"appendEscapedSQLString"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["91430442698769588082946095537832694273", "20026852134819942257321237996885029255", "40202397281895256590539654412865972135", "50951509129200039129727141957125128952", "119153895310442971121653871419161057127", "233941376171148845727814306014660242510", "328591897088368036931992023040705824379", "331022390354213500580369461296128589367", "99802358205671677310842177324450502666", "187295020737331672904278640354158062270", "248156025000407165605799185144903196744", "179301388443848148578845235787293899387", "107870144222067608556514995861480788614", "231700832369868250746759799492792043918"], "threshold":0.9}, "id":"ASB-A-224771621-76b7a6a2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"43765961898805927503019869372948122505", "length":391}, "id":"ASB-A-224771621-9d6c69de", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java", "function":"appendEscapedSQLString"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"43765961898805927503019869372948122505", "length":391}, "id":"ASB-A-224771621-abf2c345", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java", "function":"appendEscapedSQLString"}}, {"deprecated":false, "digest":{"line_hashes":["91430442698769588082946095537832694273", "20026852134819942257321237996885029255", "40202397281895256590539654412865972135", "50951509129200039129727141957125128952", "119153895310442971121653871419161057127", "233941376171148845727814306014660242510", "328591897088368036931992023040705824379", "331022390354213500580369461296128589367", "99802358205671677310842177324450502666", "187295020737331672904278640354158062270", "248156025000407165605799185144903196744", "179301388443848148578845235787293899387", "107870144222067608556514995861480788614", "231700832369868250746759799492792043918"], "threshold":0.9}, "id":"ASB-A-224771621-b12023e7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["91430442698769588082946095537832694273", "20026852134819942257321237996885029255", "40202397281895256590539654412865972135", "50951509129200039129727141957125128952", "119153895310442971121653871419161057127", "233941376171148845727814306014660242510", "328591897088368036931992023040705824379", "331022390354213500580369461296128589367", "99802358205671677310842177324450502666", "187295020737331672904278640354158062270", "248156025000407165605799185144903196744", "179301388443848148578845235787293899387", "107870144222067608556514995861480788614", "231700832369868250746759799492792043918"], "threshold":0.9}, "id":"ASB-A-224771621-28d4ee58", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"43765961898805927503019869372948122505", "length":391}, "id":"ASB-A-224771621-8b04361a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb4a72e3943d166088407e61aa4439ac349f3f12", "target":{"file":"core/java/android/database/DatabaseUtils.java", "function":"appendEscapedSQLString"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253"}]}