{"id":"PUB-A-245915315","details":"In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-245915315","CVE-2023-20985"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4f00ec98b6621b0fa89eebf829851f4d8f02303f"],"spl":"2023-06-01","vanir_signatures":[{"id":"PUB-A-245915315-91a4b579","signature_type":"Line","target":{"file":"system/bta/gatt/bta_gatts_api.cc"},"deprecated":false,"digest":{"line_hashes":["173433427464343232030996065385142546900","175381008152256785464226710436349548108","292261872986763794577689858678727794970","24728948674180896011306320165118087497"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4f00ec98b6621b0fa89eebf829851f4d8f02303f"},{"id":"PUB-A-245915315-95d0dfc6","signature_type":"Function","target":{"file":"system/bta/gatt/bta_gatts_api.cc","function":"BTA_GATTS_HandleValueIndication"},"digest":{"length":419,"function_hash":"91195820499357571368665567679513203816"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4f00ec98b6621b0fa89eebf829851f4d8f02303f"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-245915315.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a3c7e6372846fb89c3c46bbf54f973f9f2311824"],"spl":"2023-06-01","vanir_signatures":[{"id":"PUB-A-245915315-11f86288","signature_type":"Function","target":{"file":"system/bta/gatt/bta_gatts_api.cc","function":"BTA_GATTS_HandleValueIndication"},"digest":{"length":419,"function_hash":"91195820499357571368665567679513203816"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a3c7e6372846fb89c3c46bbf54f973f9f2311824"},{"id":"PUB-A-245915315-e3d3f56e","signature_type":"Line","target":{"file":"system/bta/gatt/bta_gatts_api.cc"},"digest":{"line_hashes":["173433427464343232030996065385142546900","175381008152256785464226710436349548108","292261872986763794577689858678727794970","24728948674180896011306320165118087497"],"threshold":0.9},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a3c7e6372846fb89c3c46bbf54f973f9f2311824"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-245915315.json"}}],"schema_version":"1.7.5"}