{"id":"ASB-A-272783039","details":"In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-272783039","CVE-2023-21273"],"modified":"2026-04-17T15:55:28.020024Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["RCE"],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089"],"severity":"Critical","vanir_signatures":[{"digest":{"line_hashes":["268966519890673592373226132654890357818","53028579098138126560829212585711619117","214424446220369933886731482884302318082","230691675953971434671289943888348243319","128467225149887229403254936370294966370","223398450480484607073681123615259489048","51588917513554258791363676110430415207","23864020749238874851468764405360350581","98059741557764458262010702801055520668","229521156691252941218304495170978149783","193796831976565547538930547449833928637","147068893013608601332174076344206267323","255395497216812250479514049407386329669","95325757278314560758631698746255474495","299745641314219429582968728597422429013","129158219444060520803925567174383169304","52123887382910997798212319234964178902","300650831691930109957904945074065797044"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/sdp/sdp_db.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089","signature_version":"v1","id":"ASB-A-272783039-4f2d109d","deprecated":false},{"digest":{"length":3132,"function_hash":"27806619383211635638394095334712591648"},"signature_type":"Function","target":{"file":"system/stack/sdp/sdp_db.cc","function":"SDP_AddAttribute"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b0f6e3b11b5f15e8b11d9641a5d38e024b2f089","signature_version":"v1","id":"ASB-A-272783039-e6228025","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272783039.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-08-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["RCE"],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"],"severity":"Critical","vanir_signatures":[{"digest":{"line_hashes":["258026599460255156511840060199436235944","53028579098138126560829212585711619117","214424446220369933886731482884302318082","230691675953971434671289943888348243319","128467225149887229403254936370294966370","223398450480484607073681123615259489048","51588917513554258791363676110430415207","23864020749238874851468764405360350581","98059741557764458262010702801055520668","229521156691252941218304495170978149783","193796831976565547538930547449833928637","147068893013608601332174076344206267323","255395497216812250479514049407386329669","95325757278314560758631698746255474495","299745641314219429582968728597422429013","129158219444060520803925567174383169304","52123887382910997798212319234964178902","300650831691930109957904945074065797044"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/sdp/sdp_db.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-51facfc1","deprecated":false},{"digest":{"length":2810,"function_hash":"310198622518672996077602582665402023253"},"signature_type":"Function","target":{"file":"stack/sdp/sdp_db.cc","function":"SDP_AddAttribute"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-e66b4852","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272783039.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["RCE"],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"],"severity":"Critical","vanir_signatures":[{"digest":{"line_hashes":["258026599460255156511840060199436235944","53028579098138126560829212585711619117","214424446220369933886731482884302318082","230691675953971434671289943888348243319","128467225149887229403254936370294966370","223398450480484607073681123615259489048","51588917513554258791363676110430415207","23864020749238874851468764405360350581","98059741557764458262010702801055520668","229521156691252941218304495170978149783","193796831976565547538930547449833928637","147068893013608601332174076344206267323","255395497216812250479514049407386329669","95325757278314560758631698746255474495","299745641314219429582968728597422429013","129158219444060520803925567174383169304","52123887382910997798212319234964178902","300650831691930109957904945074065797044"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/sdp/sdp_db.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-220f1d51","deprecated":false},{"digest":{"length":2810,"function_hash":"310198622518672996077602582665402023253"},"signature_type":"Function","target":{"file":"stack/sdp/sdp_db.cc","function":"SDP_AddAttribute"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-6c5ae489","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272783039.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["RCE"],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2"],"severity":"Critical","vanir_signatures":[{"digest":{"length":2810,"function_hash":"310198622518672996077602582665402023253"},"signature_type":"Function","target":{"file":"stack/sdp/sdp_db.cc","function":"SDP_AddAttribute"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-391e69b4","deprecated":false},{"digest":{"line_hashes":["258026599460255156511840060199436235944","53028579098138126560829212585711619117","214424446220369933886731482884302318082","230691675953971434671289943888348243319","128467225149887229403254936370294966370","223398450480484607073681123615259489048","51588917513554258791363676110430415207","23864020749238874851468764405360350581","98059741557764458262010702801055520668","229521156691252941218304495170978149783","193796831976565547538930547449833928637","147068893013608601332174076344206267323","255395497216812250479514049407386329669","95325757278314560758631698746255474495","299745641314219429582968728597422429013","129158219444060520803925567174383169304","52123887382910997798212319234964178902","300650831691930109957904945074065797044"],"threshold":0.9},"signature_type":"Line","target":{"file":"stack/sdp/sdp_db.cc"},"source":"https://android.googlesource.com/platform/system/bt/+/cc527a97f78a2999a0156a579e488afe9e3675b2","signature_version":"v1","id":"ASB-A-272783039-71a4ef28","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272783039.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["RCE"],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f"],"severity":"Critical","vanir_signatures":[{"digest":{"line_hashes":["268966519890673592373226132654890357818","53028579098138126560829212585711619117","214424446220369933886731482884302318082","230691675953971434671289943888348243319","128467225149887229403254936370294966370","223398450480484607073681123615259489048","51588917513554258791363676110430415207","23864020749238874851468764405360350581","98059741557764458262010702801055520668","229521156691252941218304495170978149783","193796831976565547538930547449833928637","147068893013608601332174076344206267323","255395497216812250479514049407386329669","95325757278314560758631698746255474495","299745641314219429582968728597422429013","129158219444060520803925567174383169304","52123887382910997798212319234964178902","300650831691930109957904945074065797044"],"threshold":0.9},"signature_type":"Line","target":{"file":"system/stack/sdp/sdp_db.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f","signature_version":"v1","id":"ASB-A-272783039-3fc806d2","deprecated":false},{"digest":{"length":3093,"function_hash":"321724065725547573151194518007770896634"},"signature_type":"Function","target":{"file":"system/stack/sdp/sdp_db.cc","function":"SDP_AddAttribute"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/0846b5b746e844464fb728478fea3c2ad6aaef1f","signature_version":"v1","id":"ASB-A-272783039-f27f17cd","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272783039.json"}}],"schema_version":"1.7.5"}