{"id":"PUB-A-259062118", "published":"2023-03-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-20994", "A-259062118"], "details":"In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/libufdt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-03-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b"], "severity":"Moderate", "spl":"2023-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["269449001427008958041928122750080392103", "112340805860402084626537042260897851464", "240693715727817098815200077946399606303", "294468273371400869360442669935033790812"], "threshold":0.9}, "id":"PUB-A-259062118-2631f546", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b", "target":{"file":"ufdt_node.c"}}, {"deprecated":false, "digest":{"line_hashes":["323823544825511865549810849294439825958", "252550072065703209345694713108339039426", "256790285941853020554086339324470224161", "237655318303759473040719225354304006561", "206631571228838832085912481911929194718", "9342052278200326340437172155188535543"], "threshold":0.9}, "id":"PUB-A-259062118-46b851d3", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b", "target":{"file":"ufdt_convert.c"}}, {"deprecated":false, "digest":{"function_hash":"56318145640195371400370385402936887310", "length":849}, "id":"PUB-A-259062118-b167ce39", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b", "target":{"file":"ufdt_convert.c", "function":"_ufdt_output_property_to_fdt"}}, {"deprecated":false, "digest":{"function_hash":"320014862824155551697134664963469726161", "length":276}, "id":"PUB-A-259062118-f3d173c2", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b", "target":{"file":"ufdt_node.c", "function":"ufdt_node_get_fdt_prop_data"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/libufdt/+/cd47b8f445d1f81aea3f21b2a87fe7f8dd6b899b"}]}