{"id":"PUB-A-262236005","details":"In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-262236005","CVE-2023-20970"],"modified":"2026-04-08T15:00:25.631816Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33"}],"affected":[{"package":{"name":"platform/external/wpa_supplicant_8","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-03-01","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-0a8c4821","digest":{"length":614,"function_hash":"321852342026563429884403549989806801952"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::startWpsPbcInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-2965c088","digest":{"length":446,"function_hash":"29179256213046456462594588623743637026"},"deprecated":false,"signature_type":"Function","target":{"function":"forceStaDisconnection","file":"hostapd/aidl/hostapd.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-2cbd9ccb","digest":{"length":325,"function_hash":"304862919695512685028025756866522332424"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::inviteInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-489bf3a3","digest":{"length":365,"function_hash":"105121558410630898602723282192200942124"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::rejectInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-57375273","digest":{"length":251,"function_hash":"165644971505095779920820179878423993244"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::setWpsDeviceTypeInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-7ece4782","digest":{"line_hashes":["267784770891736363066927136612262349887","251119640472696813808502630417277114110","82110769310425997029204339493250401355","50475380231930713199785725201057620340","117535896916156094233286197900322919659","305411529120477989096449133081981932240","175316613001679079756792936158995319075","304168399375420457179973043767459316325","40019295012450855165098072256238979794","335187921316862049506562351165002668482","259081564332439928802798901171903525727","9732878835770249696709646023731311730","275811131070210573826463343486145969297","157113327393829499510262926583904162879","181249693934510422258163493743879363201","97005296337405995567594539036529604499","158384647006094347256356500632331610673","263994662989655310059369804605474548759","324055926978466222262557302222317154651","253833181553165017550852354711710459332","150746296075692643819997638310239810716","98601117521964660950153415334672809233","198188078172716288461372056266597630544","15393108041217713004751889752394632131","292553076914462153722496176872880358597","294557981524759452744623972639589290697","83892416304764298960799743091325537521","275073322083899950601872083159217740780","40512993659853455619510829228555300586","17977162063296299066537110999155931360","93204688945369482874500701513935165973","316997951960481979695553208697051609020","179875974771643563460257506608600983528","196736917957622710347204079851300383838","20645197384023624604134820496671552772","77805595769428866870884741026909964032"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-8653098e","digest":{"length":1218,"function_hash":"98746799185180776980817094450727189037"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::connectInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-90938099","digest":{"length":188,"function_hash":"225275501161322564484505173642441533658"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::removeClientInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-a0fe96d7","digest":{"length":554,"function_hash":"133277480177628379853410026512500202711"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::startWpsPinDisplayInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-ab71f8bd","digest":{"length":551,"function_hash":"193857294644734896375745334057554887551"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::requestServiceDiscoveryInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-bae958d8","digest":{"line_hashes":["67951725967581734224581204460881356359","25793791760192224148385652534407511059","286624069498036483250569919336037813248","132743282911492767411658978302634935581"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"hostapd/aidl/hostapd.cpp"}},{"source":"https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33","signature_version":"v1","id":"PUB-A-262236005-d7052804","digest":{"length":617,"function_hash":"265940483599719600156885895185499531991"},"deprecated":false,"signature_type":"Function","target":{"function":"P2pIface::reinvokeInternal","file":"wpa_supplicant/aidl/p2p_iface.cpp"}}],"fixes":["https://android.googlesource.com/platform/external/wpa_supplicant_8/+/73b889335132164fdb87c5d8ebccad1bd5620b33"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-262236005.json"}}],"schema_version":"1.7.5"}