CVE-2023-20954

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description The issue is caused by an incorrect bounds check in the SDP AddAttribute function of sdp db.cc, leading to a possible out of bounds write. This could result in remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability exists due to insufficient input validation in the System component of the Android operating system, allowing a remote attacker to execute arbitrary code.

Recommendations For Android versions Android-11 through Android-13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.