Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-F2WH-CRM6-349C

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2025-05-01 15:31
VLAI
Details

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.",
  "id": "GHSA-f2wh-crm6-349c",
  "modified": "2025-05-01T15:31:29Z",
  "published": "2022-11-10T12:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44549"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/11"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F386-W386-PJ3F

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/entry: Mark IRQ entries to fix stack depot warnings

The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace de-duplication, avoiding an explosion of saved stack traces that share the same IRQ context code path but originate from different randomly interrupted points, eventually exhausting the stack depot.

Filtering uses in_irqentry_text() to identify functions within the .irqentry.text and .softirqentry.text sections, which then become the last stack trace entries being saved.

While __do_softirq() is placed into the .softirqentry.text section by common code, populating .irqentry.text is architecture-specific.

Currently, the .irqentry.text section on s390 is empty, which prevents stack depot filtering and de-duplication and could result in warnings like:

Stack depot reached limit capacity WARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8

with PREEMPT and KASAN enabled.

Fix this by moving the IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section and updating the kprobes blacklist to include the .irqentry.text section.

This is done only for asynchronous interrupts and explicitly not for program checks, which are synchronous and where the context beyond the program check is important to preserve. Despite machine checks being somewhat in between, they are extremely rare, and preserving context when possible is also of value.

SVCs and Restart Interrupts are not relevant, one being always at the boundary to user space and the other being a one-time thing.

IRQ entries filtering is also optionally used in ftrace function graph, where the same logic applies.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T14:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/entry: Mark IRQ entries to fix stack depot warnings\n\nThe stack depot filters out everything outside of the top interrupt\ncontext as an uninteresting or irrelevant part of the stack traces. This\nhelps with stack trace de-duplication, avoiding an explosion of saved\nstack traces that share the same IRQ context code path but originate\nfrom different randomly interrupted points, eventually exhausting the\nstack depot.\n\nFiltering uses in_irqentry_text() to identify functions within the\n.irqentry.text and .softirqentry.text sections, which then become the\nlast stack trace entries being saved.\n\nWhile __do_softirq() is placed into the .softirqentry.text section by\ncommon code, populating .irqentry.text is architecture-specific.\n\nCurrently, the .irqentry.text section on s390 is empty, which prevents\nstack depot filtering and de-duplication and could result in warnings\nlike:\n\nStack depot reached limit capacity\nWARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8\n\nwith PREEMPT and KASAN enabled.\n\nFix this by moving the IO/EXT interrupt handlers from .kprobes.text into\nthe .irqentry.text section and updating the kprobes blacklist to include\nthe .irqentry.text section.\n\nThis is done only for asynchronous interrupts and explicitly not for\nprogram checks, which are synchronous and where the context beyond the\nprogram check is important to preserve. Despite machine checks being\nsomewhat in between, they are extremely rare, and preserving context\nwhen possible is also of value.\n\nSVCs and Restart Interrupts are not relevant, one being always at the\nboundary to user space and the other being a one-time thing.\n\nIRQ entries filtering is also optionally used in ftrace function graph,\nwhere the same logic applies.",
  "id": "GHSA-f386-w386-pj3f",
  "modified": "2025-11-03T21:32:07Z",
  "published": "2025-01-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57838"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1af22528fee8072b7adc007b8ca49cc4ea62689e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45c9f2b856a075a34873d00788d2e8a250c1effd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/473ffae3030188f1c6b80e1b3631a26b4adf7b32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5bb7a2c3afcf8732dc65ea49c09147b07da1d993"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca687fdce5b95f84d91d6e36ac77047771eb3dfc"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F3FG-5J9P-VCHC

Vulnerability from github – Published: 2021-08-25 21:01 – Updated: 2023-04-03 19:22
VLAI
Summary
File exposure in pleaser
Details

pleaser before 0.4.0 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pleaser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-31153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-01T19:35:31Z",
    "nvd_published_at": "2021-05-27T13:15:00Z",
    "severity": "LOW"
  },
  "details": "pleaser before 0.4.0 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.",
  "id": "GHSA-f3fg-5j9p-vchc",
  "modified": "2023-04-03T19:22:33Z",
  "published": "2021-08-25T21:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31153"
    },
    {
      "type": "WEB",
      "url": "https://crates.io/crates/pleaser"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/edneville/please/-/tree/master/src/bin"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0104.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/05/18/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "File exposure in pleaser"
}

GHSA-F3PV-WV63-48X8

Vulnerability from github – Published: 2026-04-07 15:52 – Updated: 2026-04-08 11:57
VLAI
Summary
Electron: Named window.open targets not scoped to the opener's browsing context
Details

Impact

When a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive webPreferences (via setWindowOpenHandler's overrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions.

Apps are only affected if they open multiple top-level windows with differing trust levels and use setWindowOpenHandler to grant child windows elevated webPreferences such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected.

Apps that additionally grant nodeIntegration: true or sandbox: false to child windows (contrary to the security recommendations) may be exposed to arbitrary code execution.

Workarounds

Deny window.open() in renderers that load untrusted content by returning { action: 'deny' } from setWindowOpenHandler. Avoid granting child windows more permissive webPreferences than their opener.

Fixed Versions

  • 42.0.0-alpha.5
  • 41.1.0
  • 40.8.5
  • 39.8.5

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "39.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "40.0.0-alpha.1"
            },
            {
              "fixed": "40.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "41.0.0-alpha.1"
            },
            {
              "fixed": "41.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "42.0.0-alpha.1"
            },
            {
              "fixed": "42.0.0-alpha.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-07T15:52:25Z",
    "nvd_published_at": "2026-04-07T22:16:22Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen a renderer calls `window.open()` with a target name, Electron did not correctly scope the named-window lookup to the opener\u0027s browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive `webPreferences` (via `setWindowOpenHandler`\u0027s `overrideBrowserWindowOptions`), content loaded by the second renderer inherits those permissions.\n\nApps are only affected if they open multiple top-level windows with differing trust levels **and** use `setWindowOpenHandler` to grant child windows elevated `webPreferences` such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected.\n\nApps that additionally grant `nodeIntegration: true` or `sandbox: false` to child windows (contrary to the [security recommendations](https://www.electronjs.org/docs/latest/tutorial/security)) may be exposed to arbitrary code execution.\n\n### Workarounds\nDeny `window.open()` in renderers that load untrusted content by returning `{ action: \u0027deny\u0027 }` from `setWindowOpenHandler`. Avoid granting child windows more permissive `webPreferences` than their opener.\n\n### Fixed Versions\n* `42.0.0-alpha.5`\n* `41.1.0`\n* `40.8.5`\n* `39.8.5`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)",
  "id": "GHSA-f3pv-wv63-48x8",
  "modified": "2026-04-08T11:57:01Z",
  "published": "2026-04-07T15:52:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/electron/electron"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/releases/tag/v39.8.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/releases/tag/v40.8.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/releases/tag/v41.1.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Electron: Named window.open targets not scoped to the opener\u0027s browsing context"
}

GHSA-F475-JGG3-3JWC

Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2023-07-06 23:40
VLAI
Summary
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
Details

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-pojo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-dao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-31206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:40:45Z",
    "nvd_published_at": "2023-05-22T14:15:09Z",
    "severity": "HIGH"
  },
  "details": "Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.6.0.\u00a0Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.",
  "id": "GHSA-f475-jgg3-3jwc",
  "modified": "2023-07-06T23:40:45Z",
  "published": "2023-07-06T21:14:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31206"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/inlong/pull/7891"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/inlong"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/qb7zffo785wzpmsobjqcypodngw6kg6x"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache InLong Exposure of Resource to Wrong Sphere vulnerability"
}

GHSA-F497-M44X-HVVJ

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.",
  "id": "GHSA-f497-m44x-hvvj",
  "modified": "2022-07-13T00:01:42Z",
  "published": "2022-05-24T19:16:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42087"
    },
    {
      "type": "WEB",
      "url": "https://zammad.com/en/advisories/zaa-2021-15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F5G7-95G9-J55Q

Vulnerability from github – Published: 2022-04-28 00:00 – Updated: 2022-05-06 00:01
VLAI
Details

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-27T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.",
  "id": "GHSA-f5g7-95g9-j55q",
  "modified": "2022-05-06T00:01:10Z",
  "published": "2022-04-28T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27331"
    },
    {
      "type": "WEB",
      "url": "https://zammad.com/de/advisories/zaa-2022-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F5HM-23C6-PQ5V

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20
VLAI
Details

The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-10T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.",
  "id": "GHSA-f5hm-23c6-pq5v",
  "modified": "2022-05-24T19:20:18Z",
  "published": "2022-05-24T19:20:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12488"
    },
    {
      "type": "WEB",
      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F6Q4-RMXF-9WWM

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-07-13 00:01
VLAI
Details

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-17T02:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.",
  "id": "GHSA-f6q4-rmxf-9wwm",
  "modified": "2022-07-13T00:01:06Z",
  "published": "2022-05-24T19:14:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20790"
    },
    {
      "type": "WEB",
      "url": "https://jscom.jp/news-20210910_2"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F73V-RM28-J7C4

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01
VLAI
Details

In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478",
  "id": "GHSA-f73v-rm28-j7c4",
  "modified": "2022-07-13T00:01:00Z",
  "published": "2021-12-16T00:01:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0966"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.