CVE-2022-29580: Path Traversal in Android Google Search App
First published: Tue Dec 13 2022(Updated: )
There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41
Credit: cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Search | <13.41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29580?
CVE-2022-29580 has been rated as a high-severity vulnerability due to its potential to expose sensitive directories.
How do I fix CVE-2022-29580?
To fix CVE-2022-29580, ensure that your Google Search app is updated to the latest version that addresses this vulnerability.
What are the potential impacts of CVE-2022-29580?
An attacker exploiting CVE-2022-29580 can gain access to unintended directories, potentially exposing sensitive user data.
Is CVE-2022-29580 specific to certain Android versions?
CVE-2022-29580 affects versions of the Google Search app prior to 13.41 on Android.
Who is affected by CVE-2022-29580?
Users of the Google Search app on Android devices with vulnerable versions are at risk from CVE-2022-29580.
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google search