{"id":"ASB-A-239210579", "published":"2022-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20472", "A-239210579"], "details":"In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"152948757818298646151844135874724150576", "length":1060}, "id":"ASB-A-239210579-be0859dd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}, {"deprecated":false, "digest":{"line_hashes":["311606954623645014405006219303463805465", "241199747390157345748406894549090239946", "285900964479397606537853783197812129489", "197897737091753768722222239047080504598", "71759189750102407818191791820821522474", "157532236812911576354397536908371080903", "292516064325142511290277124646580853728", "100923073751965899328259216077403220810"], "threshold":0.9}, "id":"ASB-A-239210579-c3e08b40", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["311606954623645014405006219303463805465", "241199747390157345748406894549090239946", "285900964479397606537853783197812129489", "197897737091753768722222239047080504598", "71759189750102407818191791820821522474", "157532236812911576354397536908371080903", "292516064325142511290277124646580853728", "100923073751965899328259216077403220810"], "threshold":0.9}, "id":"ASB-A-239210579-5e49c3b5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}, {"deprecated":false, "digest":{"function_hash":"44544224249926763090065890534562730262", "length":1148}, "id":"ASB-A-239210579-9604c377", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["311606954623645014405006219303463805465", "241199747390157345748406894549090239946", "285900964479397606537853783197812129489", "197897737091753768722222239047080504598", "71759189750102407818191791820821522474", "157532236812911576354397536908371080903", "292516064325142511290277124646580853728", "100923073751965899328259216077403220810"], "threshold":0.9}, "id":"ASB-A-239210579-28e85dc8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}, {"deprecated":false, "digest":{"function_hash":"44544224249926763090065890534562730262", "length":1148}, "id":"ASB-A-239210579-72f10ff2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"44544224249926763090065890534562730262", "length":1148}, "id":"ASB-A-239210579-5f962a9b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}, {"deprecated":false, "digest":{"line_hashes":["311606954623645014405006219303463805465", "241199747390157345748406894549090239946", "285900964479397606537853783197812129489", "197897737091753768722222239047080504598", "71759189750102407818191791820821522474", "157532236812911576354397536908371080903", "292516064325142511290277124646580853728", "100923073751965899328259216077403220810"], "threshold":0.9}, "id":"ASB-A-239210579-a1d5b13c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["311606954623645014405006219303463805465", "241199747390157345748406894549090239946", "285900964479397606537853783197812129489", "197897737091753768722222239047080504598", "71759189750102407818191791820821522474", "157532236812911576354397536908371080903", "292516064325142511290277124646580853728", "100923073751965899328259216077403220810"], "threshold":0.9}, "id":"ASB-A-239210579-248e174e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}, {"deprecated":false, "digest":{"function_hash":"44544224249926763090065890534562730262", "length":1148}, "id":"ASB-A-239210579-e3bb318f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/minikin/+/b215af1ecb2d5e9cec23444978fccc72d3821c98"}]}