CVE-2024-20011 - OpenCVE

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Mediatek	Mt6985 Mt8127 Mt8135 Mt8167 Mt8167s Mt8168 Mt8173 Mt8175 Mt8176 Mt8183 Mt8185 Mt8188 Mt8188t Mt8195 Mt8195z Mt8312c Mt8312d

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

OR	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt8127:-:::::::*
	cpe:2.3:h:mediatek:mt8135:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8167s:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8173:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8176:-:::::::*
	cpe:2.3:h:mediatek:mt8183:-:::::::*
	cpe:2.3:h:mediatek:mt8185:-:::::::*
	cpe:2.3:h:mediatek:mt8188:-:::::::*
	cpe:2.3:h:mediatek:mt8188t:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8195z:-:::::::*
	cpe:2.3:h:mediatek:mt8312c:-:::::::*
	cpe:2.3:h:mediatek:mt8312d:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/February-2024

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-02-05T05:59:32.380Z

Updated: 2024-08-01T21:52:31.596Z

Reserved: 2023-11-02T13:35:35.149Z

Link: CVE-2024-20011

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-02-05T06:15:47.447

Modified: 2024-02-09T02:06:03.160

Link: CVE-2024-20011

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD7BDC63-3963-4C4D-B547-2936006926E9", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*", "matchCriteriaId": "182A995C-2453-4DF2-ABCC-A885D8C334C0", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E5B22E8-3536-4DBC-8E71-3E14FE45A887", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*", "matchCriteriaId": "39915BEC-73D4-46B7-B52C-CED910AF3CA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EF828C6-4B05-4E12-9B78-782F1F062F39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146."}, {"lang": "es", "value": "En el decodificador alac, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441146; ID del problema: ALPS08441146."}], "id": "CVE-2024-20011", "lastModified": "2024-02-09T02:06:03.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-05T06:15:47.447", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2024"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}