{"id":"ASB-A-242299736","details":"In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-242299736","CVE-2023-20966"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/zlib/+/1c4806afd7ae034aa9f86df35d4341a0b175a90a"}],"affected":[{"package":{"name":"platform/external/zlib","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-03-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-242299736-135dfe05","target":{"file":"contrib/optimizations/inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/e754d32adb747041bdd27bd971d27fa6bc44108d","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-242299736-e7e5790c","target":{"file":"inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/e754d32adb747041bdd27bd971d27fa6bc44108d","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/zlib/+/e754d32adb747041bdd27bd971
d27fa6bc44108d"],"spl":"2023-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242299736.json"}},{"package":{"name":"platform/external/zlib","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-03-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-242299736-77f88dd7","target":{"file":"contrib/optimizations/inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/1c4806afd7ae034aa9f86df35d4341a0b175a90a","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-242299736-fd5674b1","target":{"file":"inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/1c4806afd7ae034aa9f86df35d4341a0b175a90a","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/zlib/+/1c4806afd7ae034aa9f86df35d4341a0b175a90a"],"spl":"2023-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242299736.json"}},{"package":{"name":"platform/external/zlib","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-03-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-242299736-48403612","target":{"file":"contrib/optimizations/inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/17
2924248227e1da88a8e963c18dc6f38b725f7a","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-242299736-96eb1dc5","target":{"file":"inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/172924248227e1da88a8e963c18dc6f38b725f7a","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/zlib/+/172924248227e1da88a8e963c18dc6f38b725f7a"],"spl":"2023-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242299736.json"}},{"package":{"name":"platform/external/zlib","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-242299736-65a7eba0","target":{"file":"inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/5abcd199d3375a20b650ce4b7f8a1bb84469cefd","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-242299736-84a433ec","target":{"file":"contrib/optimizations/inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/5abcd199d3375
a20b650ce4b7f8a1bb84469cefd","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/zlib/+/5abcd199d3375a20b650ce4b7f8a1bb84469cefd"],"spl":"2023-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242299736.json"}},{"package":{"name":"platform/external/zlib","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-242299736-1bc72bde","target":{"file":"contrib/optimizations/inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/e5a6e35a651c42d3a813e24af1000a3163da8a1b","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-242299736-f1b644c5","target":{"file":"inflate.c"},"source":"https://android.googlesource.com/platform/external/zlib/+/e5a6e35a651c42d3a813e24af1000a3163da8a1b","digest":{"threshold":0.9,"line_hashes":["158253382744967794372166426227829451328","208646129568712116042670616434092925745","267897132422978847766130599021982102399","89021460256006972424927287623588351745","257784892650917064621950304120855216852"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/zlib/+/e5a6e35a651c42d3a813e24af1000a3163da8a1b"],"spl":"2023-
03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242299736.json"}}],"schema_version":"1.7.5"}