Input validation error in Google Android

#VU83831 Input validation error in Google Android

Published: 2024-03-22

Vulnerability identifier: #VU83831

Vulnerability risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-45866

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Google Android
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified vulnerability in Bluetooth implementation. A remote attacker with physical proximity to device can inject keystrokes by spoofing a keyboard and execute arbitrary commands on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://source.android.com/docs/security/bulletin/2023-12-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

openEuler update for bluez

Gentoo update for BlueZ

Debian update for bluez

Slackware Linux update for bluez

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17

Multiple vulnerabilities in Apple macOS Sonoma

Fedora 39 update for bluez

Fedora 38 update for bluez

Ubuntu update for bluez

Multiple vulnerabilities in Google Android