CVE-2022-20462: phNxpNciHal has an out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
The issue exists due to incorrect integer truncation when copying large integers. This could allow for an out-of-bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required.
CVE-2018-4419 occurs due to incorrect integer truncation when copying large integers. This could allow for an out-of-bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required.
CVE-2018-4420 occurs due to incorrect integer truncation when copying large integers. This could allow for an out-of-bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking. This could be exploited via a malicious application that can cause a different application to leak information. User interaction is required.
CVE-2018-4421 occurs due to incorrect integer truncation when copying large integers. This could allow for an out-of-bounds write if an application relies on the length of an input. There is also a possible information leak due to incorrect bounds checking.
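An added illustration of the bug class described above (not code from phNxpNciHal or from any of the listed CVEs): a length that is narrowed before its bounds check, next to a copy that validates the full-width length against both the destination and the source. `BUF_CAP`, the function names and the sample lengths are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64u /* constructed capacity, not taken from any real driver */

/* Flawed pattern: the length is narrowed to 16 bits before the comparison,
 * so 0x10010 is checked as 0x0010 and the check passes. */
static int flawed_check_passes(uint32_t claimed_len) {
    uint16_t narrowed = (uint16_t)claimed_len;
    return narrowed <= BUF_CAP;
}

/* Hardened copy: compare the full-width length against both buffers.
 * Returns 0 on success, -1 if the copy would write past dst or read past src. */
static int safe_copy(uint8_t *dst, size_t dst_cap,
                     const uint8_t *src, size_t src_avail,
                     uint32_t claimed_len) {
    if (dst == NULL || src == NULL) return -1;
    if (claimed_len > dst_cap) return -1;   /* out-of-bounds write */
    if (claimed_len > src_avail) return -1; /* out-of-bounds read (leak) */
    memcpy(dst, src, claimed_len);
    return 0;
}

/* Runs safe_copy on constructed buffers so the result is easy to inspect. */
static int demo_safe_copy(uint32_t claimed_len) {
    static uint8_t src[128];
    static uint8_t dst[BUF_CAP];
    memset(src, 0xAB, sizeof src);
    memset(dst, 0, sizeof dst);
    if (safe_copy(dst, sizeof dst, src, sizeof src, claimed_len) != 0) return -1;
    /* Confirm exactly claimed_len bytes were written. */
    for (size_t i = 0; i < sizeof dst; i++)
        if (dst[i] != (i < claimed_len ? 0xAB : 0x00)) return -2;
    return 0;
}

int main(void) {
    uint32_t lens[] = {16u, 65u, 0x10010u}; /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=0x%x flawed_check=%d safe_copy=%d\n", (unsigned)lens[i],
               flawed_check_passes(lens[i]), demo_safe_copy(lens[i]));
    return 0;
}
```

The length 0x10010 passes the narrowed check but is rejected by `safe_copy`, which is the gap a full-width bounds check closes.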
References
- The Common Vulnerabilities and Exposures project: CVE-2018-4421
- The Common Vulnerabilities and Exposures project: CVE-2018-4419
- The Common Vulnerabilities and Exposures project: CVE-2018-4420
Vulnerability Scenario
An attacker could exploit one of the above vulnerabilities by causing an application to leak information. A malicious application could also exploit one of the above vulnerabilities by causing another application to leak information.
Timeline
Published on: 11/08/2022 22:15:00 UTC
Last modified on: 11/09/2022 16:29:00 UTC