{"id":"ASB-A-205570663","details":"In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-205570663","CVE-2022-20410"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/089b7e344fc6b8a342278ec82ea31b74c1532d86"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-10-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["53851562581457439053319150279614511705","28371810934832898202729681298911626759","1038927059233479462940346190604856113"]},"id":"ASB-A-205570663-5091fa9b","deprecated":false,"target":{"file":"stack/test/stack_avrcp_test.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"},{"source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece","target":{"function":"avrc_pars_browse_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"digest":{"length":7320,"function_hash":"92219160472489548622221663059819042208"},"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-205570663-813159a3"},{"signature_version":"v1","signature_type":"Function","digest":{"length":9897,"function_hash":"292198416997601795162240660694263142047"},"id":"ASB-A-205570663-b881c95f","deprecated":false,"target":{"function":"avrc_ctrl_pars_vendor_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["63583063595761140445482535452589672429","68410126764287957455050860694611700816","259940881132413122271356701085610463946","256589493414692726532016141215428481876","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","201856332268137352919152824968009853259","89865430647722801759415086903173574258","316722222297529422587946003080859842411","133836755153463298081038162834729496614","7669396494182478580668665439355794079","36341816297097638823385752921161426396","268282454438475565898807743029970304883","239866384995723808097547875075006491138","51381993229652904914554255928572124248","112727163075927763606166442381030959436","301463966112709557639663298463362444321","107852372975393639626537855372490326713"]},"id":"ASB-A-205570663-f8ae376b","deprecated":false,"target":{"file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/96ef1fc9cbe38f1224b4e4a2dca3ecfb44a6aece"}],"types":["ID"],"severity":"High","spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205570663.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-10-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4"],"vanir_signatures":[{"target":{"function":"avrc_ctrl_pars_vendor_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4","digest":{"length":9902,"function_hash":"212237906486955620618367297289880682168"},"signature_version":"v1","signature_type":"Function","match_only_versions":["11"],"id":"ASB-A-205570663-05723f9e","deprecated":true},{"id":"ASB-A-205570663-29a3abcc","target":{"file":"stack/avrc/avrc_pars_ct.cc"},"digest":{"threshold":0.9,"line_hashes":["63583063595761140445482535452589672429","68410126764287957455050860694611700816","259940881132413122271356701085610463946","256589493414692726532016141215428481876","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","201856332268137352919152824968009853259","89865430647722801759415086903173574258","316722222297529422587946003080859842411","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","59531908524829764323093178824293519953","89865430647722801759415086903173574258","74044567333134222198116207824982572185","133836755153463298081038162834729496614","7669396494182478580668665439355794079","36341816297097638823385752921161426396","268282454438475565898807743029970304883","239866384995723808097547875075006491138","51381993229652904914554255928572124248","112727163075927763606166442381030959436","301463966112709557639663298463362444321","107852372975393639626537855372490326713"]},"source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4","deprecated":true,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["53851562581457439053319150279614511705","28371810934832898202729681298911626759","1038927059233479462940346190604856113"]},"id":"ASB-A-205570663-36345f6f","deprecated":true,"target":{"file":"stack/test/stack_avrcp_test.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4"},{"target":{"function":"avrc_pars_browse_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/53aff7d1e018c5d5f4eb5d09eecfaad760e92ec4","signature_version":"v1","digest":{"length":8324,"function_hash":"133510049867979634507106659682574747103"},"signature_type":"Function","match_only_versions":["11"],"id":"ASB-A-205570663-3ae3978f","deprecated":true}],"types":["ID"],"severity":"High","spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205570663.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-10-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a"],"types":["ID"],"vanir_signatures":[{"target":{"function":"avrc_pars_browse_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a","match_only_versions":["12"],"id":"ASB-A-205570663-07b48cdd","signature_type":"Function","digest":{"length":8324,"function_hash":"133510049867979634507106659682574747103"},"signature_version":"v1","deprecated":true},{"target":{"function":"avrc_ctrl_pars_vendor_rsp","file":"stack/avrc/avrc_pars_ct.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a","signature_version":"v1","digest":{"length":9902,"function_hash":"212237906486955620618367297289880682168"},"signature_type":"Function","match_only_versions":["12"],"id":"ASB-A-205570663-4a742b84","deprecated":true},{"source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["63583063595761140445482535452589672429","68410126764287957455050860694611700816","259940881132413122271356701085610463946","256589493414692726532016141215428481876","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","201856332268137352919152824968009853259","89865430647722801759415086903173574258","316722222297529422587946003080859842411","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","59531908524829764323093178824293519953","89865430647722801759415086903173574258","74044567333134222198116207824982572185","133836755153463298081038162834729496614","7669396494182478580668665439355794079","36341816297097638823385752921161426396","268282454438475565898807743029970304883","239866384995723808097547875075006491138","51381993229652904914554255928572124248","112727163075927763606166442381030959436","301463966112709557639663298463362444321","107852372975393639626537855372490326713"]},"id":"ASB-A-205570663-80d2d33d","deprecated":true,"signature_version":"v1","target":{"file":"stack/avrc/avrc_pars_ct.cc"}},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["53851562581457439053319150279614511705","28371810934832898202729681298911626759","1038927059233479462940346190604856113"]},"id":"ASB-A-205570663-d2cdfb3c","deprecated":true,"target":{"file":"stack/test/stack_avrcp_test.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/e2c21c42444943be338d943cc8fbc5b88a5b9f3a"}],"severity":"High","spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205570663.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc"],"vanir_signatures":[{"target":{"file":"system/stack/avrc/avrc_pars_ct.cc"},"exact_target_file_match_only":true,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc","id":"ASB-A-205570663-2e57a38f","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["63583063595761140445482535452589672429","68410126764287957455050860694611700816","259940881132413122271356701085610463946","256589493414692726532016141215428481876","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","201856332268137352919152824968009853259","89865430647722801759415086903173574258","316722222297529422587946003080859842411","191780761388653028100331694163962438138","227368121575231130679150458873269756327","284618433328015474291936650139298165875","59531908524829764323093178824293519953","89865430647722801759415086903173574258","74044567333134222198116207824982572185","133836755153463298081038162834729496614","7669396494182478580668665439355794079","36341816297097638823385752921161426396","268282454438475565898807743029970304883","239866384995723808097547875075006491138","51381993229652904914554255928572124248","112727163075927763606166442381030959436","301463966112709557639663298463362444321","107852372975393639626537855372490326713"]},"signature_version":"v1","deprecated":true},{"target":{"function":"avrc_ctrl_pars_vendor_rsp","file":"system/stack/avrc/avrc_pars_ct.cc"},"exact_target_file_match_only":true,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc","id":"ASB-A-205570663-6381efcb","signature_type":"Function","digest":{"length":9902,"function_hash":"212237906486955620618367297289880682168"},"signature_version":"v1","deprecated":true},{"target":{"function":"avrc_pars_browse_rsp","file":"system/stack/avrc/avrc_pars_ct.cc"},"exact_target_file_match_only":true,"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc","id":"ASB-A-205570663-8a24dd48","signature_type":"Function","digest":{"length":8324,"function_hash":"133510049867979634507106659682574747103"},"signature_version":"v1","deprecated":true},{"target":{"file":"system/stack/test/stack_avrcp_test.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/62e29ee6f52d995cdace2d1ef8880c11831135fc","exact_target_file_match_only":true,"id":"ASB-A-205570663-b93a306f","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["53851562581457439053319150279614511705","28371810934832898202729681298911626759","1038927059233479462940346190604856113"]},"signature_version":"v1","deprecated":true}],"types":["ID"],"severity":"High","spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205570663.json"}}],"schema_version":"1.7.5"}