CVE-2023-20977: Input Validation
First published: Fri Mar 24 2023(Updated: )
In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445952
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =13.0 | |
| =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-20977?
CVE-2023-20977 is a vulnerability with a significant severity rating as it could lead to local information disclosure.
How do I fix CVE-2023-20977?
To fix CVE-2023-20977, ensure that you update your Android device to the latest firmware version provided by Google.
What types of devices are affected by CVE-2023-20977?
CVE-2023-20977 affects Android devices running version 13.0.
Can CVE-2023-20977 be exploited without user interaction?
Yes, CVE-2023-20977 can be exploited without any user interaction.
What is the potential impact of CVE-2023-20977 if exploited?
If exploited, CVE-2023-20977 could allow an attacker to gain access to local information due to an out-of-bounds read.
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/android
- version/android/13.0