{"id":"ASB-A-261867748", "published":"2023-03-01T00:00:00Z", "modified":"2026-07-03T16:08:45.503432344Z", "aliases":["CVE-2023-20954", "A-261867748"], "details":"In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-03-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089"], "severity":"Critical", "spl":"2023-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["268966519890673592373226132654890357818", "53028579098138126560829212585711619117", "214424446220369933886731482884302318082", "230691675953971434671289943888348243319", "128467225149887229403254936370294966370", "223398450480484607073681123615259489048", "51588917513554258791363676110430415207", "23864020749238874851468764405360350581", "98059741557764458262010702801055520668", "229521156691252941218304495170978149783", "193796831976565547538930547449833928637", "147068893013608601332174076344206267323", "255395497216812250479514049407386329669", "95325757278314560758631698746255474495", "299745641314219429582968728597422429013", "129158219444060520803925567174383169304", "52123887382910997798212319234964178902", "300650831691930109957904945074065797044"], "threshold":0.9}, "id":"ASB-A-261867748-4f2d109d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089", "target":{"file":"system/stack/sdp/sdp_db.cc"}}, {"deprecated":false, "digest":{"function_hash":"27806619383211635638394095334712591648", "length":3132}, "id":"ASB-A-261867748-e6228025", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089", "target":{"file":"system/stack/sdp/sdp_db.cc", "function":"SDP_AddAttribute"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-03-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"], "severity":"Critical", "spl":"2023-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["258026599460255156511840060199436235944", "53028579098138126560829212585711619117", "214424446220369933886731482884302318082", "230691675953971434671289943888348243319", "128467225149887229403254936370294966370", "223398450480484607073681123615259489048", "51588917513554258791363676110430415207", "23864020749238874851468764405360350581", "98059741557764458262010702801055520668", "229521156691252941218304495170978149783", "193796831976565547538930547449833928637", "147068893013608601332174076344206267323", "255395497216812250479514049407386329669", "95325757278314560758631698746255474495", "299745641314219429582968728597422429013", "129158219444060520803925567174383169304", "52123887382910997798212319234964178902", "300650831691930109957904945074065797044"], "threshold":0.9}, "id":"ASB-A-261867748-51facfc1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc"}}, {"deprecated":false, "digest":{"function_hash":"310198622518672996077602582665402023253", "length":2810}, "id":"ASB-A-261867748-e66b4852", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc", "function":"SDP_AddAttribute"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"], "severity":"Critical", "spl":"2023-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["258026599460255156511840060199436235944", "53028579098138126560829212585711619117", "214424446220369933886731482884302318082", "230691675953971434671289943888348243319", "128467225149887229403254936370294966370", "223398450480484607073681123615259489048", "51588917513554258791363676110430415207", "23864020749238874851468764405360350581", "98059741557764458262010702801055520668", "229521156691252941218304495170978149783", "193796831976565547538930547449833928637", "147068893013608601332174076344206267323", "255395497216812250479514049407386329669", "95325757278314560758631698746255474495", "299745641314219429582968728597422429013", "129158219444060520803925567174383169304", "52123887382910997798212319234964178902", "300650831691930109957904945074065797044"], "threshold":0.9}, "id":"ASB-A-261867748-220f1d51", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc"}}, {"deprecated":false, "digest":{"function_hash":"310198622518672996077602582665402023253", "length":2810}, "id":"ASB-A-261867748-6c5ae489", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc", "function":"SDP_AddAttribute"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"], "severity":"Critical", "spl":"2023-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310198622518672996077602582665402023253", "length":2810}, "id":"ASB-A-261867748-391e69b4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc", "function":"SDP_AddAttribute"}}, {"deprecated":false, "digest":{"line_hashes":["258026599460255156511840060199436235944", "53028579098138126560829212585711619117", "214424446220369933886731482884302318082", "230691675953971434671289943888348243319", "128467225149887229403254936370294966370", "223398450480484607073681123615259489048", "51588917513554258791363676110430415207", "23864020749238874851468764405360350581", "98059741557764458262010702801055520668", "229521156691252941218304495170978149783", "193796831976565547538930547449833928637", "147068893013608601332174076344206267323", "255395497216812250479514049407386329669", "95325757278314560758631698746255474495", "299745641314219429582968728597422429013", "129158219444060520803925567174383169304", "52123887382910997798212319234964178902", "300650831691930109957904945074065797044"], "threshold":0.9}, "id":"ASB-A-261867748-71a4ef28", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2", "target":{"file":"stack/sdp/sdp_db.cc"}}]}}, {"package":{"name":"platform/packages/modules/Bluetooth", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-03-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f"], "severity":"Critical", "spl":"2023-03-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["268966519890673592373226132654890357818", "53028579098138126560829212585711619117", "214424446220369933886731482884302318082", "230691675953971434671289943888348243319", "128467225149887229403254936370294966370", "223398450480484607073681123615259489048", "51588917513554258791363676110430415207", "23864020749238874851468764405360350581", "98059741557764458262010702801055520668", "229521156691252941218304495170978149783", "193796831976565547538930547449833928637", "147068893013608601332174076344206267323", "255395497216812250479514049407386329669", "95325757278314560758631698746255474495", "299745641314219429582968728597422429013", "129158219444060520803925567174383169304", "52123887382910997798212319234964178902", "300650831691930109957904945074065797044"], "threshold":0.9}, "id":"ASB-A-261867748-3fc806d2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f", "target":{"file":"system/stack/sdp/sdp_db.cc"}}, {"deprecated":false, "digest":{"function_hash":"321724065725547573151194518007770896634", "length":3093}, "id":"ASB-A-261867748-f27f17cd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f", "target":{"file":"system/stack/sdp/sdp_db.cc", "function":"SDP_AddAttribute"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/da151195f374987738f6b09b72943bb9d8899678"}]}