{"id":"ASB-A-239210579","details":"In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-239210579","CVE-2022-20472"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/minikin/+/b215af1ecb2d5e9cec23444978fccc72d3821c98"}],"affected":[{"package":{"name":"platform/frameworks/minikin","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"libs/minikin/LocaleListCache.cpp","function":"toLanguageTag"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03","id":"ASB-A-239210579-be0859dd","digest":{"function_hash":"152948757818298646151844135874724150576","length":1060}},{"deprecated":false,"target":{"file":"libs/minikin/LocaleListCache.cpp"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03","id":"ASB-A-239210579-c3e08b40","digest":{"threshold":0.9,"line_hashes":["311606954623645014405006219303463805465","241199747390157345748406894549090239946","285900964479397606537853783197812129489","197897737091753768722222239047080504598","71759189750102407818191791820821522474","157532236812911576354397536908371080903","292516064325142511290277124646580853728","100923073751965899328259216077403220810"]}}],"spl":"2022-12-01","severity":"Critical","types":["RCE"],"fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/d8a427cc9c8a722b0911af5139b10b0a6aeb0e03"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239210579.json"}},{"package":{"name":"platform/frameworks/minikin","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-12-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["311606954623645014405006219303463805465","241199747390157345748406894549090239946","285900964479397606537853783197812129489","197897737091753768722222239047080504598","71759189750102407818191791820821522474","157532236812911576354397536908371080903","292516064325142511290277124646580853728","100923073751965899328259216077403220810"]},"source":"https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35","target":{"file":"libs/minikin/LocaleListCache.cpp"},"id":"ASB-A-239210579-5e49c3b5"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-239210579-9604c377","source":"https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35","target":{"file":"libs/minikin/LocaleListCache.cpp","function":"toLanguageTag"},"digest":{"function_hash":"44544224249926763090065890534562730262","length":1148}}],"severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/df1b59a77619ce831d8e5078c125cc2557a9ea35"],"types":["RCE"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239210579.json"}},{"package":{"name":"platform/frameworks/minikin","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"libs/minikin/LocaleListCache.cpp"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81","id":"ASB-A-239210579-28e85dc8","digest":{"threshold":0.9,"line_hashes":["311606954623645014405006219303463805465","241199747390157345748406894549090239946","285900964479397606537853783197812129489","197897737091753768722222239047080504598","71759189750102407818191791820821522474","157532236812911576354397536908371080903","292516064325142511290277124646580853728","100923073751965899328259216077403220810"]}},{"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"libs/minikin/LocaleListCache.cpp","function":"toLanguageTag"},"source":"https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81","id":"ASB-A-239210579-72f10ff2","digest":{"function_hash":"44544224249926763090065890534562730262","length":1148}}],"types":["RCE"],"spl":"2022-12-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/fde7f4a25ca4f1405bea3816c71cea64d80a9c81"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239210579.json"}},{"package":{"name":"platform/frameworks/minikin","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"libs/minikin/LocaleListCache.cpp","function":"toLanguageTag"},"source":"https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24","id":"ASB-A-239210579-5f962a9b","digest":{"function_hash":"44544224249926763090065890534562730262","length":1148}},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["311606954623645014405006219303463805465","241199747390157345748406894549090239946","285900964479397606537853783197812129489","197897737091753768722222239047080504598","71759189750102407818191791820821522474","157532236812911576354397536908371080903","292516064325142511290277124646580853728","100923073751965899328259216077403220810"]},"source":"https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24","target":{"file":"libs/minikin/LocaleListCache.cpp"},"id":"ASB-A-239210579-a1d5b13c"}],"types":["RCE"],"spl":"2022-12-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/c2380d94c6ed84542dd201c039a079cbf927bd24"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239210579.json"}},{"package":{"name":"platform/frameworks/minikin","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"libs/minikin/LocaleListCache.cpp"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676","id":"ASB-A-239210579-248e174e","digest":{"threshold":0.9,"line_hashes":["311606954623645014405006219303463805465","241199747390157345748406894549090239946","285900964479397606537853783197812129489","197897737091753768722222239047080504598","71759189750102407818191791820821522474","157532236812911576354397536908371080903","292516064325142511290277124646580853728","100923073751965899328259216077403220810"]}},{"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-239210579-e3bb318f","source":"https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676","target":{"file":"libs/minikin/LocaleListCache.cpp","function":"toLanguageTag"},"digest":{"function_hash":"44544224249926763090065890534562730262","length":1148}}],"severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/minikin/+/d5d0c70c3c73167a6564dc3e8843ab1f567b4676"],"types":["RCE"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239210579.json"}}],"schema_version":"1.7.5"}