{"id":"ASB-A-252763983","details":"In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-252763983","CVE-2023-21112"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/a20d5962d9350409204535b145826a41a7a3262d"}],"affected":[{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-05-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Function","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"id":"ASB-A-252763983-08628712","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Function","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"id":"ASB-A-252763983-6c8b5605","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-252763983-76b70cae","target":{"file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-252763983-bb9dd33f","target":{"file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}}],"severity":"High","spl":"2023-05-01","fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-252763983.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-05-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-252763983-9b45cb74","source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/67e1db04f568cf50c90758272ceca93426aba932","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"signature_type":"Function","deprecated":false,"target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","id":"ASB-A-252763983-efd04272","source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/67e1db04f568cf50c90758272ceca93426aba932","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"halimpl/mifare/NxpMfcReader.cc"}}],"severity":"High","spl":"2023-05-01","fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/67e1db04f568cf50c90758272ceca93426aba932"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-252763983.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-05-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-252763983-16f7f721","source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Function","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"deprecated":false,"target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Line","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"id":"ASB-A-252763983-1c88b988","target":{"file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Function","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"id":"ASB-A-252763983-e1952f90","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","id":"ASB-A-252763983-ec0f6685","source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Line","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"deprecated":false,"target":{"file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c"],"spl":"2023-05-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-252763983.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-252763983-3d6c4ce5","source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"signature_type":"Function","id":"ASB-A-252763983-732c92c7","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"signature_type":"Function","id":"ASB-A-252763983-9e5854c9","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Line","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"id":"ASB-A-252763983-f13d3baf","target":{"file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}}],"severity":"High","spl":"2023-05-01","fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-252763983.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-05-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-252763983-4dd0fded","target":{"file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","signature_type":"Function","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"id":"ASB-A-252763983-67c3d35a","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"length":1390,"function_hash":"217768603380171297613270030606270843987"},"signature_type":"Function","id":"ASB-A-252763983-eaccfcca","target":{"function":"NxpMfcReader::AnalyzeMfcResp","file":"snxxx/halimpl/mifare/NxpMfcReader.cc"}},{"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c","digest":{"line_hashes":["64284978509830298798730183538658890155","161084689393964153539491505797652199006","252132195742022893447742066666725943805","126108868847444204655071566216860054307"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-252763983-f164f37f","target":{"file":"pn8x/halimpl/mifare/NxpMfcReader.cc"}}],"severity":"High","spl":"2023-05-01","fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/69c53a6f1bca6d450e5100c1044114ffad615e5c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-252763983.json"}}],"schema_version":"1.7.5"}