{"id":"CVE-2022-36938","details":"DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.","modified":"2026-04-11T23:22:45.049227Z","published":"2022-11-11T00:15:10.193Z","references":[{"type":"FIX","url":"https://github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/redex","events":[{"introduced":"0"},{"fixed":"3b44c640346b77bfb7ef36e2413688dd460288d2"}]},{"type":"GIT","repo":"https://github.com/facebook/redex","events":[{"introduced":"0"},{"fixed":"3b44c640346b77bfb7ef36e2413688dd460288d2"}]}],"versions":["v1.1.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["177910661925181941752688148644438945393","249220321442325309033942983871564946740","187854720454391115907995214234916729570","104253921962812185286245934959302245729","181986475796517449553315829491872791399","314879030129633176182008407230254154162","95845696118994499748079908062571616971","165383393234662988824599750142236456709","337006233898131201948608113667587183889","320276635355040413562090943046278799634","191126501076420063077693187672972407318"]},"id":"CVE-2022-36938-b64dfaa4","deprecated":false,"target":{"file":"libredex/DexLoader.cpp"},"source":"https://github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2","signature_type":"Line"},{"signature_version":"v1","digest":{"function_hash":"292464291331006992722555593385468323157","length":1039},"id":"CVE-2022-36938-d3c57609","deprecated":false,"target":{"function":"validate_dex_header","file":"libredex/DexLoader.cpp"},"source":"https://github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T23:22:45Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2022-11-04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36938.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}