{"id":"ASB-A-225876506","details":"In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-225876506","CVE-2022-20445"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/83d9a99f1d469878bba45d5b1fad7174311f6cdd"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-11-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/18d69eb958493d4879786e2edb42ff4e60334a2f"],"vanir_signatures":[{"digest":{"length":1357,"function_hash":"214677880682482865561700894288717992832"},"source":"https://android.googlesource.com/platform/system/bt/+/18d69eb958493d4879786e2edb42ff4e60334a2f","signature_type":"Function","target":{"file":"stack/sdp/sdp_discovery.cc","function":"process_service_search_rsp"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-6b125250"},{"digest":{"line_hashes":["110629173430261047634653274356077522246","3086676120985718028309252445904192238","45515098642018986227259658136777715096","166089682084964583941119191231270104935"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/18d69eb958493d4879786e2edb42ff4e60334a2f","signature_type":"Line","target":{"file":"stack/sdp/sdp_discovery.cc"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-b43c1db5"}],"spl":"2022-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-225876506.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-11-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/864460a945fe47b417def4017fb3d791e829753c"],"vanir_signatures":[{"digest":{"length":1357,"function_hash":"214677880682482865561700894288717992832"},"source":"https://android.googlesource.com/platform/system/bt/+/864460a945fe47b417def4017fb3d791e829753c","signature_type":"Function","target":{"file":"stack/sdp/sdp_discovery.cc","function":"process_service_search_rsp"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-b7017dd7"},{"digest":{"line_hashes":["110629173430261047634653274356077522246","3086676120985718028309252445904192238","45515098642018986227259658136777715096","166089682084964583941119191231270104935"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/864460a945fe47b417def4017fb3d791e829753c","signature_type":"Line","target":{"file":"stack/sdp/sdp_discovery.cc"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-bb79b1cb"}],"spl":"2022-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-225876506.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-11-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/bt/+/eac9616fc32f0bf40d2d2e6d1ff7b453edffc01c"],"vanir_signatures":[{"digest":{"length":1357,"function_hash":"214677880682482865561700894288717992832"},"source":"https://android.googlesource.com/platform/system/bt/+/eac9616fc32f0bf40d2d2e6d1ff7b453edffc01c","signature_type":"Function","target":{"file":"stack/sdp/sdp_discovery.cc","function":"process_service_search_rsp"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-6efb37bd"},{"digest":{"line_hashes":["110629173430261047634653274356077522246","3086676120985718028309252445904192238","45515098642018986227259658136777715096","166089682084964583941119191231270104935"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/eac9616fc32f0bf40d2d2e6d1ff7b453edffc01c","signature_type":"Line","target":{"file":"stack/sdp/sdp_discovery.cc"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-c45fb94c"}],"spl":"2022-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-225876506.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-11-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/96f108e8c381e744131dc2f021681b113d6e083b"],"vanir_signatures":[{"digest":{"length":1357,"function_hash":"214677880682482865561700894288717992832"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/96f108e8c381e744131dc2f021681b113d6e083b","signature_type":"Function","target":{"file":"system/stack/sdp/sdp_discovery.cc","function":"process_service_search_rsp"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-845d5f6d"},{"digest":{"line_hashes":["110629173430261047634653274356077522246","3086676120985718028309252445904192238","45515098642018986227259658136777715096","166089682084964583941119191231270104935"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/96f108e8c381e744131dc2f021681b113d6e083b","signature_type":"Line","target":{"file":"system/stack/sdp/sdp_discovery.cc"},"deprecated":false,"signature_version":"v1","id":"ASB-A-225876506-d24a7fde"}],"spl":"2022-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-225876506.json"}}],"schema_version":"1.7.5"}