{"id":"PUB-A-262246231", "published":"2023-06-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21204", "A-262246231"], "details":"In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/wpa_supplicant_8", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-06-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20"], "severity":"Moderate", "spl":"2023-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"302268144275723282215237474613964667341", "length":424}, "id":"PUB-A-262246231-47b0e1ac", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateHs20IconQueryInternal"}}, {"deprecated":false, "digest":{"function_hash":"257355276165712963944831835492749907205", "length":1567}, "id":"PUB-A-262246231-5cd64147", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp", "function":"P2pIface::addGroupWithConfigInternal"}}, {"deprecated":false, "digest":{"function_hash":"187077103001751572314279034052689728383", "length":286}, "id":"PUB-A-262246231-6d5fa3db", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsRegistrarInternal"}}, {"deprecated":false, "digest":{"function_hash":"59139949819330265023457171034052804893", "length":397}, "id":"PUB-A-262246231-8c1a6e95", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsDiscoverInternal"}}, {"deprecated":false, "digest":{"line_hashes":["282443825160230321450963843298545080728", "240013557668857853334420540261787923890", "62429178238551276205184415105404761893", "46560374957961384603586640630652171945", "336419216446644093182773684234698415035", "327041791035341145435564724994982404898", "78343065902290284737465664672312973572", "255724180623786242402920462074245142357"], "threshold":0.9}, "id":"PUB-A-262246231-8e3c7fd2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp"}}, {"deprecated":false, "digest":{"function_hash":"270479948021175522507269756789778107231", "length":478}, "id":"PUB-A-262246231-b0a148ea", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsTeardownInternal"}}, {"deprecated":false, "digest":{"function_hash":"23404326539921386207545272978027900169", "length":1417}, "id":"PUB-A-262246231-b3186f45", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::generateDppBootstrapInfoForResponderInternal"}}, {"deprecated":false, "digest":{"function_hash":"8104615961089294009968361479877306241", "length":444}, "id":"PUB-A-262246231-b3d70c20", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::setCountryCodeInternal"}}, {"deprecated":false, "digest":{"function_hash":"9612674215676627984640536271814398902", "length":461}, "id":"PUB-A-262246231-b64d3488", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsSetupInternal"}}, {"deprecated":false, "digest":{"function_hash":"57178098856143511217138945353437811603", "length":428}, "id":"PUB-A-262246231-b862ad89", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsPinDisplayInternal"}}, {"deprecated":false, "digest":{"function_hash":"291459334106095460708774590590163935140", "length":303}, "id":"PUB-A-262246231-cfb25b2f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateVenueUrlAnqpQueryInternal"}}, {"deprecated":false, "digest":{"function_hash":"222888601949521659693169645706244661099", "length":672}, "id":"PUB-A-262246231-d48eb61f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateAnqpQueryInternal"}}, {"deprecated":false, "digest":{"function_hash":"251277092963258719819988234584216547557", "length":537}, "id":"PUB-A-262246231-e6ded3c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp", "function":"P2pIface::provisionDiscoveryInternal"}}, {"deprecated":false, "digest":{"line_hashes":["108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "219717861291424890984424019376547388571", "44896243708100406615835794888652299551", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "213776302724071626336886735033271865367", "111127769627793226434270712715727975740", "185587857298398648800638886100378496896", "11051987560156314982525484614039640730", "138136018535094028760656810696393132256", "242559769715913450717656652795026906173", "220163884289595045272493767027284266292", "186159613295524858348311536973943924232", "97920612003950030480333138944478168364", "106416219480024751751259025809335167026", "98678616116437698904132115913139234778", "262093932907482226702908105462070957040", "179785536207578963771599860683453035709", "306454131221479826909148403651925784495", "94508611683518420978877184414880182032", "198629720058014996525008381472581916452", "83757367880493119121683389931198569683", "31274133583577273158273533047343986777", "19101203741728346271706693008717644004", "210125636254096168817574411616794081904", "321029893561082877086623895468503904177", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "123308398843050064060681011537122893696", "265977110554366842733255150657799530232", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "108028509933157452795677691037514741083", "16645525397261761350351177096480169880", "257760521617479987513025030407880082978", "14183314491399266848601277807740484092"], "threshold":0.9}, "id":"PUB-A-262246231-eba4b300", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp"}}, {"deprecated":false, "digest":{"function_hash":"264951205164416993651860207899884527381", "length":304}, "id":"PUB-A-262246231-fdcf15c9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsPbcInternal"}}]}}, {"package":{"name":"platform/external/wpa_supplicant_8", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d"], "severity":"Moderate", "spl":"2023-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"291459334106095460708774590590163935140", "length":303}, "id":"PUB-A-262246231-09febb75", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateVenueUrlAnqpQueryInternal"}}, {"deprecated":false, "digest":{"line_hashes":["282443825160230321450963843298545080728", "240013557668857853334420540261787923890", "62429178238551276205184415105404761893", "46560374957961384603586640630652171945", "215639982946050837374262497398422649208", "88542317988287961840380036956813897270", "268742349020284817160466135871177099621"], "threshold":0.9}, "id":"PUB-A-262246231-0f4b1181", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp"}}, {"deprecated":false, "digest":{"function_hash":"187077103001751572314279034052689728383", "length":286}, "id":"PUB-A-262246231-2269668f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsRegistrarInternal"}}, {"deprecated":false, "digest":{"function_hash":"8104615961089294009968361479877306241", "length":444}, "id":"PUB-A-262246231-60af6251", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::setCountryCodeInternal"}}, {"deprecated":false, "digest":{"function_hash":"59139949819330265023457171034052804893", "length":397}, "id":"PUB-A-262246231-6ccb687f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsDiscoverInternal"}}, {"deprecated":false, "digest":{"function_hash":"302268144275723282215237474613964667341", "length":424}, "id":"PUB-A-262246231-72a47bd7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateHs20IconQueryInternal"}}, {"deprecated":false, "digest":{"function_hash":"222888601949521659693169645706244661099", "length":672}, "id":"PUB-A-262246231-75a895db", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateAnqpQueryInternal"}}, {"deprecated":false, "digest":{"function_hash":"118019735852887394048568976088613166868", "length":3553}, "id":"PUB-A-262246231-87c6351a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp", "function":"P2pIface::addGroupWithConfigInternal"}}, {"deprecated":false, "digest":{"function_hash":"9612674215676627984640536271814398902", "length":461}, "id":"PUB-A-262246231-91016366", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsSetupInternal"}}, {"deprecated":false, "digest":{"function_hash":"251277092963258719819988234584216547557", "length":537}, "id":"PUB-A-262246231-ca91f56d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp", "function":"P2pIface::provisionDiscoveryInternal"}}, {"deprecated":false, "digest":{"function_hash":"23404326539921386207545272978027900169", "length":1417}, "id":"PUB-A-262246231-d3d2958c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::generateDppBootstrapInfoForResponderInternal"}}, {"deprecated":false, "digest":{"line_hashes":["108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "219717861291424890984424019376547388571", "44896243708100406615835794888652299551", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "213776302724071626336886735033271865367", "111127769627793226434270712715727975740", "185587857298398648800638886100378496896", "11051987560156314982525484614039640730", "138136018535094028760656810696393132256", "242559769715913450717656652795026906173", "220163884289595045272493767027284266292", "186159613295524858348311536973943924232", "97920612003950030480333138944478168364", "106416219480024751751259025809335167026", "98678616116437698904132115913139234778", "262093932907482226702908105462070957040", "179785536207578963771599860683453035709", "306454131221479826909148403651925784495", "94508611683518420978877184414880182032", "198629720058014996525008381472581916452", "83757367880493119121683389931198569683", "31274133583577273158273533047343986777", "19101203741728346271706693008717644004", "210125636254096168817574411616794081904", "321029893561082877086623895468503904177", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "123308398843050064060681011537122893696", "265977110554366842733255150657799530232", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "108028509933157452795677691037514741083", "16645525397261761350351177096480169880", "257760521617479987513025030407880082978", "14183314491399266848601277807740484092"], "threshold":0.9}, "id":"PUB-A-262246231-d5cd277c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp"}}, {"deprecated":false, "digest":{"function_hash":"57178098856143511217138945353437811603", "length":428}, "id":"PUB-A-262246231-e5ba3c5e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsPinDisplayInternal"}}, {"deprecated":false, "digest":{"function_hash":"270479948021175522507269756789778107231", "length":478}, "id":"PUB-A-262246231-f3ec27a3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::initiateTdlsTeardownInternal"}}, {"deprecated":false, "digest":{"function_hash":"264951205164416993651860207899884527381", "length":304}, "id":"PUB-A-262246231-fa57f73f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/ad44735f2ab69415240127d6590e34615c4b718d", "target":{"file":"wpa_supplicant/aidl/sta_iface.cpp", "function":"StaIface::startWpsPbcInternal"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-06-01"}]}