CVE-2023-21127 is a vulnerability in Google Android
Published on June 15, 2023

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android

Versions: Android-11, Android-12, Android-12L, Android-13

Android ID: A-275418191


Vulnerability Analysis

CVE-2023-21127 can be exploited with network access and requires user interaction. The vulnerability is considered to have a low attack complexity and has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.



What versions of Android are vulnerable to CVE-2023-21127?