{"id":"ASB-A-241387741", "published":"2023-01-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-20905", "A-241387741"], "details":"In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2023-01-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f5f24d0ea2bcc33f18915c4c7369f803c45e53b0"], "severity":"High", "spl":"2023-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"491234445431674369959365845299383756", "length":2934}, "id":"ASB-A-241387741-9c86bde8", "match_only_versions":["10"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f5f24d0ea2bcc33f18915c4c7369f803c45e53b0", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"Mfc_Transceive"}}, {"deprecated":false, "digest":{"line_hashes":["321778718133220861691615052611595777015", "10690049686860309665648263714545916169", "255462703431065603926902241986586911324"], "threshold":0.9}, "id":"ASB-A-241387741-fe146e78", "match_only_versions":["10"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f5f24d0ea2bcc33f18915c4c7369f803c45e53b0", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Nfc/+/b54ec8598ecaf12dce77b3ce37433db1bbd0126f"}]}