CVE-2023-21233

HIGH

Android - Remote Information Disclosure via Uninitialized Heap Data in AVRCP

Title source: llm

Description

In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1

Core References

Broken Link

https://source.android.com/security/bulletin/wear/2023-08-01

Scores

CVSS v3 7.5

EPSS 0.0034

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (1)

google/android 11.0

Published Aug 14, 2023

Tracked Since Feb 18, 2026