CVE-2021-39623

CRITICAL

Google Android - Out-of-Bounds Write

Title source: rule

Description

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-12 Android-9
Android ID: A-194105348

Scores

CVSS v3 9.8
EPSS 0.0252
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
google/android 9.0
google/android 10.0
google/android 11.0
google/android 12.0
Published Jan 14, 2022
Tracked Since Feb 18, 2026