{"id":"ASB-A-171966843","details":"In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-171966843","CVE-2022-20338"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e082ece64fc7d8631048fbe0ff7f3125a65e123f"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-05-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1","target":{"file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["217293375901536488373202122972823323969","64913045587930263071620006027114995635","133802527225369483754931688542697427099","160009536855085451358753916392621805401","108665550764986394327745700644898793881","238342223150607425782371454756028319372","285677272714058008081533384476939390622","213183156118135730613894113137757047267","191618998247855941167627426111353121754","229221336185881681659960120095347110956","214877076543316569988414134525175557655","300917551157252855785981741901753753877","62817408602554622937841706145635928073"]},"deprecated":false,"id":"ASB-A-171966843-9057e044"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/f37a94ae920fa5879c557603fc285942ec4b84b1","target":{"function":"readFrom","file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Function","digest":{"length":197,"function_hash":"40263653748956335830809431209081902639"},"deprecated":false,"id":"ASB-A-171966843-e47c4ece"}],"spl":"2023-05-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-171966843.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-05-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50","target":{"file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["217293375901536488373202122972823323969","64913045587930263071620006027114995635","133802527225369483754931688542697427099","160009536855085451358753916392621805401","108665550764986394327745700644898793881","238342223150607425782371454756028319372","285677272714058008081533384476939390622","213183156118135730613894113137757047267","191618998247855941167627426111353121754","229221336185881681659960120095347110956","214877076543316569988414134525175557655","119157369104391389495237517514297622080","210632989439468116936103427892354174345"]},"deprecated":false,"id":"ASB-A-171966843-8faec97e"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/c87f0623be4042c39a9b73f7a6e02aa116925e50","target":{"file":"core/java/android/net/Uri.java","function":"readFrom"},"signature_version":"v1","signature_type":"Function","digest":{"length":197,"function_hash":"40263653748956335830809431209081902639"},"deprecated":false,"id":"ASB-A-171966843-b680b350"}],"spl":"2023-05-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-171966843.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-05-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5"],"spl":"2023-05-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5","target":{"function":"readFrom","file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Function","digest":{"length":197,"function_hash":"40263653748956335830809431209081902639"},"deprecated":false,"id":"ASB-A-171966843-650176e1"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d83281c73070f2428754912ede95ecb0e3d69cd5","target":{"file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["217293375901536488373202122972823323969","64913045587930263071620006027114995635","133802527225369483754931688542697427099","160009536855085451358753916392621805401","108665550764986394327745700644898793881","238342223150607425782371454756028319372","285677272714058008081533384476939390622","213183156118135730613894113137757047267","191618998247855941167627426111353121754","229221336185881681659960120095347110956","214877076543316569988414134525175557655","300917551157252855785981741901753753877","62817408602554622937841706145635928073"]},"deprecated":false,"id":"ASB-A-171966843-e4869c7c"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-171966843.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626"],"spl":"2023-05-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626","target":{"function":"readFrom","file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Function","digest":{"length":197,"function_hash":"40263653748956335830809431209081902639"},"deprecated":false,"id":"ASB-A-171966843-9c48c1b9"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/dcc1fb8e8be12324e1a8277023955d9f92cd5626","target":{"file":"core/java/android/net/Uri.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["217293375901536488373202122972823323969","64913045587930263071620006027114995635","133802527225369483754931688542697427099","160009536855085451358753916392621805401","108665550764986394327745700644898793881","238342223150607425782371454756028319372","285677272714058008081533384476939390622","213183156118135730613894113137757047267","191618998247855941167627426111353121754","229221336185881681659960120095347110956","214877076543316569988414134525175557655","300917551157252855785981741901753753877","62817408602554622937841706145635928073"],"threshold":0.9},"deprecated":false,"id":"ASB-A-171966843-cf0e9b9e"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-171966843.json"}}],"schema_version":"1.7.5"}