{"id":"ASB-A-198346478","details":"In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-198346478","CVE-2021-0966"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2021-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-12-01"}],"affected":[{"package":{"name":"platform/system/tools/aidl","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-12-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"generate_cpp.cpp"},"source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["312820962761557008148303880221382425359","23823734065005563513966409513642516805","33002857817697896316689490743289806656","39714594035538264493668839179804785235"],"threshold":0.9},"id":"ASB-A-198346478-206c067d","signature_type":"Line"},{"target":{"function":"BuildParcelHeader","file":"generate_cpp.cpp"},"digest":{"length":2239,"function_hash":"326601426788344758004763648233943715918"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030","id":"ASB-A-198346478-428f4e0b","signature_type":"Function"},{"target":{"file":"generate_ndk.cpp"},"digest":{"line_hashes":["129378056618984160971364387354311187123","178003074383539396753051710658857581258","225238775845769716849799452850860555295","273028201806421038180591682801863800162"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030","id":"ASB-A-198346478-640953c0","signature_type":"Line"},{"target":{"function":"GenerateParcelHeader","file":"generate_ndk.cpp"},"digest":{"length":992,"function_hash":"222524032315743326666284216788730707453"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030","id":"ASB-A-198346478-741a9d9f","signature_type":"Function"}],"spl":"2021-12-01","fixes":["https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-198346478.json"}},{"package":{"name":"platform/system/tools/aidl","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2021-12-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"generate_cpp.cpp"},"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["264802842146083026036916011199573792850","204040046010545831252756766834823289204","6806657853291627825636324932845214010","294743258619582016492104830905565405228"],"threshold":0.9},"id":"ASB-A-198346478-05cb5868","signature_type":"Line"},{"target":{"file":"generate_ndk.cpp"},"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["113279781244028926090189194923672148444","74391618858168488632270844761742943164","225238775845769716849799452850860555295","273028201806421038180591682801863800162"],"threshold":0.9},"id":"ASB-A-198346478-578ddbc8","signature_type":"Line"},{"target":{"file":"tests/golden_output/aidl-test-interface-cpp-source/gen/include/android/aidl/tests/StructuredParcelable.h"},"digest":{"line_hashes":["250718133067864697922945017348274298643","52372194918281449002100330847136220109","98496241369463802619853693648845541680","84516898486546100705879329204325126564","60549146341320380808439822386520322686","66087812960287637138850269813056259827","186747283850515549722558151870431505928","159916955571046314316531372104725995262","311303759342704408277996765929478986244","244389655537552032501284148424871825216","68076576393139126643742075043240320347","110191790375250089414103832924326854985","138123917172604772914053740305500257301","12320108308049293518580822616258861105","322788696425952919733109864849010772609","111790049379499682798059568367686923797","112348007897370324614304973623611181556","128765566414775141195211131112138987698","119864308726076405577909097788658756970"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","id":"ASB-A-198346478-5d639350","signature_type":"Line"},{"target":{"file":"tests/golden_output/aidl-test-interface-ndk_platform-source/gen/include/aidl/android/aidl/tests/StructuredParcelable.h"},"digest":{"line_hashes":["66967101736838554154680316481538631836","236251703838020997560660639668582255895","45845238726788281392925421476760920617","152650760950779136808616691559163958565","332435470753299164675451992494096568721","92259272660562283691011302569012975336","48288453470048448400082083847194364666","189681335721922647839436997093688526830","161979024677520046017255690135461073012","222165546359451352255176667446033045892","177862384560001095647430931807351745316","275560139398974124159070503857220187967","280219198516595038208414537672341683764","292316102031252907198125093355093200083","7477696309102365821669176671113444918","189883291931785653866654619149685023814","61427490000947264933972889040432958511","288218642560871932972797989426715939544","297835768597214604458524111445427079728"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","id":"ASB-A-198346478-b1825f5b","signature_type":"Line"},{"target":{"function":"BuildParcelFields","file":"generate_cpp.cpp"},"digest":{"length":755,"function_hash":"284803375110470307090192299003511583373"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","id":"ASB-A-198346478-dd304f6a","signature_type":"Function"},{"target":{"function":"GenerateParcelHeader","file":"generate_ndk.cpp"},"digest":{"length":2088,"function_hash":"336089501090492204401183314771489846266"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088","id":"ASB-A-198346478-f8e048a4","signature_type":"Function"}],"spl":"2021-12-01","fixes":["https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-198346478.json"}}],"schema_version":"1.7.5"}