{"id":"ASB-A-239267173", "published":"2022-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20473", "A-239267173"], "details":"In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["164770276943141582052722884901448753939", "226110374688780666042726420171495378549", "37258808521350274540810683463877721557", "201172805881024670900963815845901526338"], "threshold":0.9}, "id":"ASB-A-239267173-225cce11", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}, {"deprecated":false, "digest":{"function_hash":"198706616613895809767354008574302764265", "length":1152}, "id":"ASB-A-239267173-7ce2f1ff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"198706616613895809767354008574302764265", "length":1152}, "id":"ASB-A-239267173-08371c85", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}, {"deprecated":false, "digest":{"line_hashes":["164770276943141582052722884901448753939", "226110374688780666042726420171495378549", "37258808521350274540810683463877721557", "201172805881024670900963815845901526338"], "threshold":0.9}, "id":"ASB-A-239267173-85650455", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["164770276943141582052722884901448753939", "226110374688780666042726420171495378549", "37258808521350274540810683463877721557", "201172805881024670900963815845901526338"], "threshold":0.9}, "id":"ASB-A-239267173-3c1f1bb7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}, {"deprecated":false, "digest":{"function_hash":"198706616613895809767354008574302764265", "length":1152}, "id":"ASB-A-239267173-4526d730", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"198706616613895809767354008574302764265", "length":1152}, "id":"ASB-A-239267173-59b0ed84", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}, {"deprecated":false, "digest":{"line_hashes":["164770276943141582052722884901448753939", "226110374688780666042726420171495378549", "37258808521350274540810683463877721557", "201172805881024670900963815845901526338"], "threshold":0.9}, "id":"ASB-A-239267173-d044e270", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}]}}, {"package":{"name":"platform/frameworks/minikin", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d"], "severity":"Critical", "spl":"2022-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"198706616613895809767354008574302764265", "length":1152}, "id":"ASB-A-239267173-6608846d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp", "function":"toLanguageTag"}}, {"deprecated":false, "digest":{"line_hashes":["164770276943141582052722884901448753939", "226110374688780666042726420171495378549", "37258808521350274540810683463877721557", "201172805881024670900963815845901526338"], "threshold":0.9}, "id":"ASB-A-239267173-8ffe1fd8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/minikin/+/a8265407660edaa1006545a6401d6409c05acb5d", "target":{"file":"libs/minikin/LocaleListCache.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/minikin/+/c77b7cd6c1f57a43bcbf8bd012b84aa9d77746e2"}]}