CVE-2023-21206

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description In the initiateVenueUrlAnqpQueryInternal function of sta iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to the initiateVenueUrlAnqpQueryInternal function in sta iface.cpp to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.