{"id":"PUB-A-225981754","details":"In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation","aliases":["A-225981754","CVE-2022-20505"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"}],"affected":[{"package":{"name":"platform/packages/providers/ContactsProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"id":"PUB-A-225981754-3d976d42","target":{"file":"src/com/android/providers/contacts/CallLogProvider.java","function":"openFile"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"231545673366050250262952693884714281968","length":983},"source":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"},{"deprecated":false,"id":"PUB-A-225981754-68f2dffb","target":{"file":"src/com/android/providers/contacts/CallLogProvider.java","function":"allocateNewCallComposerPicture"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"59884867351264151132995485155170850686","length":774},"source":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"},{"deprecated":false,"id":"PUB-A-225981754-8c59c626","target":{"file":"src/com/android/providers/contacts/CallLogProvider.java","function":"deleteCallComposerPicture"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"192327671234739927967485161192599275251","length":351},"source":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"},{"id":"PUB-A-225981754-e1785b78","deprecated":false,"target":{"file":"src/com/android/providers/contacts/CallLogProvider.java","function":"syncCallComposerPics"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"309386010514092342042245267834131134851","length":1646},"source":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"},{"id":"PUB-A-225981754-e81a86e5","deprecated":false,"target":{"file":"src/com/android/providers/contacts/CallLogProvider.java"},"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["90411726906254443426730435841338685706","261713554497495016265945414111035963751","223484236778549619715047498372853515431","212727300813294272073991136558766830669","145291450032720118371994974066181749592","83206619313910695128548435682764265229","280624185982056141154666206410484568009","248111705161388651356813266075245029722","114304497285397900491032554899316901320","165472891104289477114417372168957371229","148501115818883676817113523476465475572","279890213913258310656874654355957680438","258179191018602781453434504890871419424","261990686389993149118546137426451388807","157793474918727384552935276709041265292","303394727368492633530529340784274426657","18965481648146670354266081386648002232","251697982678667641201019146966373741689","39973034611118046241533072751258587783","264085753851315626503573994444377012027","98091311131399214891666419273000917671","216220454372179139125795804482220632779","47401923675628117697947464933786772299","84548400442674366318118914823687679270","287859958430371281590258505168553971026","159810972737882846981070977960741004821","102462974237692409826427485140294425528","2281476316063599756271812216418645963","302497987735875217573044640396691592319","123583553300097912274155540290893791864","109127505205732677383334803609398725149"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"}],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/c5da1394740292b036fa0d0b7ad9b96f0851b799"],"types":["EoP"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-225981754.json"}}],"schema_version":"1.7.5"}